RE: securing nic's for snort

From: Renaud, Andre (Andre.Renaud@hp.com)
Date: 05/27/02


Date: Tue, 28 May 2002 09:42:44 +1200
From: "Renaud, Andre" <Andre.Renaud@hp.com>
To: <focus-linux@securityfocus.com>

One of the easiest ways is to simply not give the card an IP address;
it can still go into promiscuous mode, and works fine under snort
(I believe). It does limit you slightly: you can't run any services off
this card - it is really only applicable if the snort box is attached
to a second network (or you work locally on it a lot).

Andre

-----Original Message-----
I would like to start using snort IDS. I have a Linux box all built and
hardened (per much of this list's guidance!) but now would like to
know how to *truly* secure my second network card that will have snort
listening on. What are a few things I should bear in mind when "locking
down" this card? What makes the card "stealth?"
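
The reply above suggests leaving the sniffing card without an IP address. The following check is an added example, not part of the original thread: it verifies that a sensor interface is up, promiscuous and has no address bound. It assumes Linux with sysfs and iproute2; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sniffing interface for the "no IP address" setup.
# Assumes Linux with sysfs and iproute2; run as: sh audit.sh eth1

IFF_UP=0x1          # interface flag bits from <linux/if.h>
IFF_PROMISC=0x100

# list_addresses: reads `ip -o addr show dev IFACE` output on stdin and
# prints "family address" for every bound address. IPv6 link-local
# addresses count too: the kernel normally adds one when the link comes up.
list_addresses() {
    awk '$3 == "inet" || $3 == "inet6" { print $3, $4 }'
}

# audit_sensor FLAGS ADDR_TEXT: FLAGS is the hex value read from
# /sys/class/net/IFACE/flags. Prints findings; returns 0 only when the
# interface is up, promiscuous and has no address at all.
audit_sensor() {
    flags=$1; rc=0
    [ $(( $flags & $IFF_UP )) -ne 0 ] || { echo "FAIL: link is down"; rc=1; }
    [ $(( $flags & $IFF_PROMISC )) -ne 0 ] ||
        { echo "FAIL: not promiscuous (is snort running?)"; rc=1; }
    bound=$(printf '%s\n' "$2" | list_addresses)
    if [ -n "$bound" ]; then
        printf '%s\n' "$bound" | sed 's/^/FAIL: address bound: /'
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: up, promiscuous, no addresses"
    return "$rc"
}

# Constructed sample: a card with no IPv4 address that still has an IPv6
# link-local address.
SAMPLE_FLAGS=0x1103
SAMPLE_ADDRS='3: eth1    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever'

if [ $# -eq 1 ]; then   # live check of a real interface
    audit_sensor "$(cat "/sys/class/net/$1/flags")" "$(ip -o addr show dev "$1")"
else                    # offline demo on the constructed sample
    audit_sensor "$SAMPLE_FLAGS" "$SAMPLE_ADDRS" || true
fi
```

If the only finding is an inet6 link-local address, setting the net.ipv6.conf.IFACE.disable_ipv6 sysctl to 1 for that interface removes it.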


