RE: Snort behind host's firewall

["Jason Lewis" <jlewis () jasonlewis net>]

You are in luck.  I just finished a paper that might help.

http://www.packetnexus.com/docs/packetnexus/NIDS_Placement.pdf

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the
other end of the link know less about security than you do. And that's
scary.



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of RoBSD
Sent: Friday, June 08, 2001 4:14 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort behind host's firewall


Hello,
And sorry if I ask a question that has already a answer on the list!
I want to deploy 4 servers on one collocation center and my servers
will be in one network with servers that are not ours and I don't want
to provide IDS for them. So, if it's possible to configure snort to
not use promiscuous mode and to analyze only packets that pass through
my firewall. I know that I can use "-h IP" but on 2 servers I will
have multiple IP's (more than 20) and for this I will have to add for
every new IP a new configuration! And in the same time I want to spare
same CPU time and only analyze what pass the firewall!

Thank you for your response!

Radu Coroi


--
Best regards,
 RoBSD                          mailto:robsd () softhome net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users