hi. a friend of mine asked but i couldn't give a definite, not even an, answer so i was hoping someone here can shed a light: "I'm checking out snort, a network intrusion detection system. I noticed that when I start the snort daemon to listen on eth0 (my NIC connected to the Internet), the interface enters promiscuous mode. I know what promiscuous mode is, but I'm wondering what the impacts of the device's being on promiscuous mode will be. eth0 is connected to the DSL bridge (static IP, standard ethernet, no PPPoE) where it is the only active workstation in the subnet. Aside from snort, what other NIDS can be recommended for Linux?". thank you. -- "In is out and out is in. But out is out and in is in." -- Pumbaa
Attachment:
pgp4_3ol7F9gB.pgp
Description: PGP signature