I think snort set my eth0 to promiscuous.

Not only does it cause chkrootkit to complain, but I get alot of snort alerts for nearby hosts.

Can I, Should I, make my interface monogamous?

Thank you for advice!

monkey_boy

No one will want to buy the cow if the milk is free.

(someone please help. Its the only way to stop the puns!)

The nic has to be in promiscuous mode for snort to be able to check the incomming packets.

in the config (let me know if you need details) you can put in your IP address(s) so it will only look for things on your IP(s).

I don't think there is much you can do about chkrootkit.

Frank

It looks like if I define my IP address (instead of using any) for the $HOME_NET, and leave off the /24 netmask.

and define $EXTERNAL_NET to none (instead of any).

I looked all through the FAQ and several snort tutorials, but could not find these answers. Please let me know if I am way off base here.

Thank you!

monkey_boy