Yup, On 10-Oct-01 Jose Luis Araujo wrote:
Hi, my question is fairly simple, but the answer looks difficult.
First, my Setup:
* SuSe Linux 7.0 running on a PII 350
* Snort 1.8.1
* Network Card Lance (AMD 79c961)
Now, my problem: I am trying to set up a no-ip interface. What I found on the Internet was that all I needed to do was:
ifconfig eth1 up promisc
and after this the NIC seems to capture all the traffic, but it drops it; in ifconfig I see the dropped count rise. I am asking this in this mailing list because the problem may be SuSE specific (and it is about security, I think), but I can't find information about what may be causing this.
I really don't get this "no-ip" thing... Anyway, by setting your eth1 in promiscuous mode you switch off the MAC filter of this interface. All packets flowing on your net will be sniffable that way (well, theoretically). Have you configured snort to use that interface? And: If your HOME_NET is not on eth1, you will see nothing of interest, since the real traffic flows elsewhere (on (i)ppp0 perhaps, or eth0). Are you sure your routing table is correctly set up?
Jose Araujo
Boris Lorenz
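
Added example, not part of the original thread: the drop count that ifconfig shows comes from the receive counters in /proc/net/dev, so comparing two snapshots tells you how many drops the sniffing interface accumulated over an interval. The snapshot text below is constructed, and the helper names (parse_rx, rx_delta) are hypothetical; eth1 is taken from the post.

```python
import sys
import time

# Receive-side column order in /proc/net/dev on Linux.
RX_FIELDS = ("bytes", "packets", "errs", "drop", "fifo", "frame", "compressed", "multicast")

# Constructed snapshots for illustration (not output from the poster's machine).
HEADER = ("Inter-|   Receive                            |  Transmit\n"
          " face |bytes packets errs drop fifo frame compressed multicast|"
          "bytes packets errs drop fifo colls carrier compressed\n")
SNAPSHOT_T0 = HEADER + ("    lo: 4200 42 0 0 0 0 0 0 4200 42 0 0 0 0 0 0\n"
                        "  eth1: 640000 1000 0 5 0 0 0 0 0 0 0 0 0 0 0 0\n")
SNAPSHOT_T1 = HEADER + ("    lo: 4200 42 0 0 0 0 0 0 4200 42 0 0 0 0 0 0\n"
                        "  eth1: 3200000 5000 0 905 2 0 0 0 0 0 0 0 0 0 0 0\n")


def parse_rx(text):
    """Return {interface: {rx counter name: value}} from /proc/net/dev text."""
    stats = {}
    for line in text.splitlines():
        if ":" not in line:  # the two header lines carry no colon
            continue
        name, counters = line.split(":", 1)  # also handles "eth1:640000" with no space
        values = counters.split()
        if len(values) >= len(RX_FIELDS):
            stats[name.strip()] = dict(zip(RX_FIELDS, map(int, values)))
    return stats


def rx_delta(before, after, iface):
    """Growth of the rx counters on iface between two snapshots."""
    old, new = parse_rx(before), parse_rx(after)
    if iface not in old or iface not in new:
        raise KeyError(f"{iface} not present in both snapshots")
    delta = {k: new[iface][k] - old[iface][k] for k in ("packets", "errs", "drop", "fifo")}
    if min(delta.values()) < 0:
        raise ValueError("counters went backwards (interface reset or counter wrap)")
    return delta


if __name__ == "__main__":
    print("sample eth1:", rx_delta(SNAPSHOT_T0, SNAPSHOT_T1, "eth1"))
    if len(sys.argv) > 1:  # live use on Linux: python3 script.py eth1
        with open("/proc/net/dev") as fh:
            first = fh.read()
        time.sleep(10)
        with open("/proc/net/dev") as fh:
            print("live", sys.argv[1], rx_delta(first, fh.read(), sys.argv[1]))
```

A drop delta that keeps growing while snort is running on the interface means the sensor is missing traffic it was meant to inspect.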