RE: Snort / Linux on floppy

["Trey A Mujakporue" <trey.trey () ntlworld com>]

Since you are very concerend about the the security of the outside
sniffer, have you considered putting 2 NIC's the the the box you are
running snort on, one with an IP address (non-routable) and one without
but in promiscuous mode. 
This way, the NIC on the outside cant be seen.



-----Original Message-----
From: mae () ium no [mailto:mae () ium no] 
Sent: 23 June 2003 14:16
To: focus-ids () securityfocus com
Subject: Snort / Linux on floppy
Importance: High






I want to set up a Linux box with Snort but when I first are going to do
it, I want to do it right. Is it possible to run Linux and Snort from a
single floppy? I want to set up an IDS system on both sides of the
firewall and am concerned about the security on the outside sniffer. I
believe a "write protected" floppy where Snort exports the log would be
the secure way but I don't know anyone who has tested it. Will the
system respond to slow on an 11mbit line? I have weary little
experience, all inputs would be appreciated!

Are there any good IPS Open source projects?? I've tested the NS IPS box
and its quite good but the price is not compatible with my budget! :)


Brgs
Martin Engervik


-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------