Tom,

If someone compromised your snort machine, they would be able to see all the
same traffic that Snort sees (of course). This would be a very "Bad Thing"
(tm, Erek Adams, 2001).

It is _critical_ to properly secure your Snort machine - see the FAQ for
information on setting up a stealth interface, or an interface with no IP
address. A wealth of helpful resources are available in the SANS GIAC
practicals at http://www.sans.org/giactc.htm.

-Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wrightjwu.edu

pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

-----Original Message-----
From: Tom Beer [mailto:mailingsanalogon.com]
Sent: Thursday, November 01, 2001 8:24 AM
To: snort-userslists.sourceforge.net
Subject: [Snort-users] [Newbie] Promiscuous Mode

Hi,

if I run snort on an external interface attached to
bad world out there :-) isn't this interface
set into promisuous mode, so that an
bad guy may read all the data passing
on that interface?

Thanks Tom

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]