Snort crossing interfaces?

["Kloc, Alisha" <Alisha.Kloc () Boeing com>]

Hi list,

I'm a new member so please let me know if I'm not doing this right.

We have a problem with Snort 2.9.0.5 on a Windows 2003 server that we can't figure out. When we install Snort, it gets 
the machine's interfaces wrong (i.e., we have eth0 configured as the primary interface, and eth1 as the Snort 
interface, but Snort only listens on eth0). We can't figure out where Snort is setting the interfaces, or how to stop 
it from crossing them.

What makes this problem particularly scary is that it can apparently cause our machine to bluescreen. During initial 
troubleshooting, we tried disabling eth1 and rebooting - but the reboot bluescreened. We have no idea how Snort getting 
the interfaces wrong is making that happen, but it's a pretty drastic failure and we're very concerned.

A couple of troubleshooting caveats: We have a locked design, meaning that we can't upgrade to a newer Snort; and we 
also can't compile/recompile the code. (We use the Windows .exe to install.)

Has anyone seen this before? Do you know where/how Snort identifies the host machine's interfaces, and how we can get 
it straightened out?

Thanks!
-Alisha Kloc

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!