RE: questions about a home network

From: Ivan Hernandez Puga (ivan.hernandez@globalsis.com.ar)
Date: 12/26/01


Date: Wed, 26 Dec 2001 10:55:51 -0300
From: "Ivan Hernandez Puga" <ivan.hernandez@globalsis.com.ar>
To: <alamb@lucidic.net>, <focus-ids@securityfocus.com>

Hello. I'm using Snort 1.8.2 on 2 Windows 2000 machines, and the only thing to complain about in the port is that it doesn't support sniffing on VPN devices.
Anyway, your cable modem will work fine.
Try this command line to test if snort is at least working properly:
snort -dvx

That should dump the packets on the console output and you'll be able to see if it works.

If there is any other problem, get the error and talk again.

Ivan Hernandez

-----Original Message-----
From: Andrew Lamb [mailto:alamb@lucidic.net]
Sent: Monday, December 24, 2001 5:56 PM
To: focus-ids@securityfocus.com
Subject: questions about a home network

I have a home network which is managed by a Umax Ugate 3000 hub connected to a cable modem. The hub has features such as exposed host (allows me to place one machine outside of the DMZ), block wan probing, block wan icmp(s), and the ability to forward virtual ports for internal servers, as well as create rules for applications that require two-way communication.

I am starting a honeypot project (www.lucidic.net), and I'm curious as to how to set up Snort 1.8.x effectively on Windows 2000 clients. I previously tried using the WinPCap libraries, but when I tested my configuration, I was given an obscure error message along the lines that WinPCap was unable to initialize the device "\" (which should be my Ethernet card). Unfortunately I do not have the error message on hand. Any suggestions?
