Snort mailing list archives

Previous By Date Next
Previous By Thread Next

using flex-resp without an IP address

From: Eric Baur <Eric.Baur () Certegy com>
Date: Tue, 18 Mar 2003 10:54:40 -0800

        In order to use the flexible response capability in snort, is it
required that the interface snort is listening on have an IP address?
        In our current set up, we have a snort box (running on Linux,
snort-1.9.0) that has an IP address behind the firewall and then an
interface running w/out an IP in front of the firewall that snort is
listening on.  We'd like to be able to use the flex-resp option to kill
traffic on the outside of our firewall (for slightly better response time,
in part), but it doesn't seem to be working.
        I gave it an IP address temporarily, and it seems to be working now,
but I don't consider that a long term solution - since we don't want to be
running it unprotected.

        Any way around this?

Eric

-11101011-
Eric Baur
Desktop Support, IS Dept.


-------------------------------------------------------
This SF.net email is sponsored by: Does your code think in ink? 
You could win a Tablet PC. Get a free Tablet PC hat just for playing. 
What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: