Snort mailing list archives
stealth mode and openbsd 3.3
From: Bert Beaudin <bert () spininart com>
Date: 23 May 2003 14:46:39 -0700
Currently attempting to run snort in stealth mode on openbsd 3.3. Snort
2.0.0 built from source. I have the interface sis0 up.
sis0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:09:5b:06:63:f8
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::209:5bff:fe06:63f8%sis0 prefixlen 64 scopeid 0x2
And I'm running it from
/usr/local/bin/snort -de -h 192.168.20.0/24 -i sis0 -c /etc/snort/snort.conf
All on one line.
When I run some attack scripts I get nothing logged to
/var/log/snort/alert.
But if I change -i sis0 to -i rl0 where rl0 is
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:30:84:3e:69:8d
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.20.13 netmask 0xffffff00 broadcast 192.168.20.255
inet6 fe80::230:84ff:fe3e:698d%rl0 prefixlen 64 scopeid 0x1
and run the attack scripts I get hits in /var/log/snort/alert.
What am I doing wrong? Any help would be great.
PS both interfaces are attached to the same hub.
Thanks,
--
Opensource software user
www.spininart.com
bert () spininart com
