I'm trying to set up a Snort sensor at work with two NICs - one listening outside the firewall with no IP address, and another inside the firewall which is how traffic will be moved off of the box. Since I'm using a Linux box, the obvious way to make the outside interface silent is to not assign it an IP address. This means that it is impossible for this machine to respond to requests on its external interface. However, due to the fact that this machine will bridge the firewall, we're looking for a hardware solution as well. Are there any devices out there that allow an Ethernet interface to be listen only? Thanks for the help.
if you have money to burn, and you're looking for a physical way to watch your network, you can always get an ethernet tap.
just do a google for ethernet tap. it's not the cheapest way to go but it gets the job done.
Thank you. That's exactly what I was looking for. I've done numerous Google searches looking for something like this, but it's very hard to find if you don't know the name of the item you're looking for. Thanks.
no problem. just make sure you have security measures in place on the computer that will be connected to the tap.
Check out niksun (not sure of the spelling). This may also fit into what you are looking for.
This is not an ad so no flames please, just remember hearing about this doing what you described.