On Fri, Sep 14, 2001 at 10:16:23PM +0800 or thereabouts, Federico Sevilla III wrote:
> Hi everyone,
>
> I'm checking out snort, a network intrusion detection system. I noticed
> that when I start the snort daemon to listen on eth0 (my NIC connected to
> the Internet), the interface enters promiscuous mode. I know what
> promiscuous mode is, but I'm wondering what the impacts of the device's
> being on promiscuous mode will be.
>
> eth0 is connected to the DSL bridge (static IP, standard ethernet, no
> PPPoE) where it is the only active workstation in the subnet.
>
> Aside from snort, what other NIDS can be recommended for Linux?
>
when you install snort to listen on a particular nic traffic/load will
increase due to snort flagging every packet that passes. you can
verify by doing an "ifconfig eth0 -promisc" and then "uptime" to see
the load. compare it then to "ifconfig eth0 promisc" and then
"uptime". according to the people i talked to we're talking of Kbit
to Mbit increases.
--
"In is out and out is in. But out is out and in is in."
-- Pumbaa
PGP signature
