RE: securing nic's for snort
From: Renaud, Andre (Andre.Renaud@hp.com)Date: 05/27/02
- Previous message: Muhammad Faisal Rauf Danka: "Re: How to get rid of spoofed IP-Address responses"
- Maybe in reply to: Richard R. Kaufman: "securing nic's for snort"
- Next in thread: Stephen Samuel: "Re: securing nic's for snort"
- Next in thread: Patrick Morris: "Re: securing nic's for snort"
- Reply: Stephen Samuel: "Re: securing nic's for snort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 May 2002 09:42:44 +1200 From: "Renaud, Andre" <Andre.Renaud@hp.com> To: <focus-linux@securityfocus.com>
One of the easiest ways is to simply not give the card an IP address,
it can still go into promiscuous mode, and works fine under snort
(I believe). It does limit you slightly, you can't run any services off
this card - it is really only applicable if the snort box is attached
to a second network (or you work locally on it a lot).
Andre
-----Original Message-----
I would like to start using snort IDS. I have a linux box all built and
hardened (per much of the this list's guidance!) but now would like to
know how to *truly* secure my second network card that will have snort
listening on. What are a few things I should bear in mind when "locking
down" this card? What makes the card "stealth?"
- Previous message: Muhammad Faisal Rauf Danka: "Re: How to get rid of spoofed IP-Address responses"
- Maybe in reply to: Richard R. Kaufman: "securing nic's for snort"
- Next in thread: Stephen Samuel: "Re: securing nic's for snort"
- Next in thread: Patrick Morris: "Re: securing nic's for snort"
- Reply: Stephen Samuel: "Re: securing nic's for snort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
