|
-
November 5th, 2003, 11:33 AM
#11
I actually could care less about smoothwall, goto www.snort.org
My bloody evilness.. did you see what his errors are?
Initializing Network Interface eth0
ERROR: OpenPcap() FSM compilation failed:
PCAP command: %s
Fatal Error, Quitting...
Which is a snort error when a NIC cannot drop into promiscuous mode.
It makes a bloody big difference to the problem..
There are differences between Snort for Linux and Snort for Win.. for a start the Win version is a Port from the *nix..
Smoothwall V2 is an operating system based on Linux kernal 2.4.. It is not a windows application.. Giving a windows solution to a application running under linux is like solving a submarine problem with Automobile solutions.. you may accedently hit the solution.. but you may sink in the process..
Also as already stated.. The Version of Smoothwall is important.. as there were problems with Snort under the earlier Smoothwall V2 beta's.. and in some the patches didn't solve all the problems with all hardware combinations..
Just using a different chipset NIC may be the answer, or try V2 b7 of smoothwall..
And yes i am in a bad mood.. and like Badfalls_girl.. I do bite..
cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
November 5th, 2003, 11:55 AM
#12
Undertaker: Now that's all cleared up......  ..... It's Nightfalls_Girl...... and she carries a big stick.... 
Heretic:
What if I wanted all traffic to flow through the outside computer normally
You mean you want the traffic to flow internet -> External NIC -> Internal NIC -> Internal Network? That would be an inline implementation and yes it would work. You just need to make sure you pick the right NIC to listen on. You'd have to set the box up as a router and I can't remember my level of success trying that with Win2k - Yeah M$ may say "you do it this way" but there are varying degrees of success with M$'s How to's..... <sigh>
You'd still need to be firewalled at some point too and I'm not sure if you could make a firewall work on the same box and have an effective install of snort. What I do with my snort boxes is I have a hub outside the firewall and a hub inside before the internal router. Then I can see _all_ inbound and outbound traffic and therefore have confirmation of the ACL's, (if port 8080 isn't allowed inbound and both snorts alert on a port 8080 proxy scan then my firewall is messed up.... Handy-dandy little piece of info to know.....
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
November 5th, 2003, 12:19 PM
#13
Ok.. I'll retrive my dummy.. and go back to sleep.. see if tomorrow is a better day
cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote