Snort mailing list archives

Re: snort and firewall


From: "GeEk" <koolman () visi0n net>
Date: Tue, 14 Aug 2001 15:47:25 -0400 (EDT)


Here is what I did

DSL Router - 675
Firewall - Linux Box running bridge software, snort and iptables for extra
network filtering

INTERNET ---- 675 ----- FIREWALL ------ Switch ---- Web Server,
Workstation, Mail Server etc...


For the firewall, not only can I see all traffic that passes through the
router to all boxes, but I have the firewall completely locked down so it's
practically impossible to hack even if a local machine is compromised.



-- 
LinSys

http://www.visi0n.net
Unix / Security Online Info

-----

When you die and your life flashes before your eyes does
that include the part where your life flashes before your
eyes?

-----

On Tue, 14 Aug 2001, J. C. Woods wrote:

Stephen Torri wrote:

If I have an external DSL modem hooked up to my firewall, where should I
put a machine running snort? If it's behind, won't I only detect if someone
has broken in?

Stephen

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

If you are saying you have a gateway/router machine that has two
interfaces, eth0 and eth1, the answer to your question would be yes. In
theory, any external packets picked up by snort on your internal
interface would indicate firewall penetration onto your private LAN.

drjung
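
The reasoning in the reply above, applied to the bridging firewall described at the top of the thread, as an added example that is not part of the original messages. It assumes one Snort instance per bridge interface, each writing fast-format alert lines; the LAN prefix, addresses, SIDs and sample alerts are constructed.

```python
import ipaddress
import re

# Snort "fast" alert line: timestamp, [gid:sid:rev], message, {proto}, endpoints.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

def parse_alerts(text):
    """Return one dict per parseable alert line; other lines are skipped."""
    return [m.groupdict() for m in map(ALERT_RE.match, text.splitlines()) if m]

def flow_key(alert):
    # A bridge does no NAT, so a packet keeps its addresses on both sides.
    return (alert["sid"], alert["proto"], alert["src"], alert["dst"], alert["dport"])

def classify(outside_text, inside_text, lan_cidr):
    """Split alerts into those the firewall stopped and those that reached the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    inside = parse_alerts(inside_text)
    inside_keys = {flow_key(a) for a in inside}
    # Seen only on the outside interface: the filter dropped the packet.
    blocked = [a for a in parse_alerts(outside_text) if flow_key(a) not in inside_keys]
    # External source seen on the inside interface: the packet passed the filter.
    passed = [a for a in inside if ipaddress.ip_address(a["src"]) not in lan]
    return blocked, passed

# Constructed sample alerts (documentation address ranges, made-up SIDs).
LAN = "192.0.2.0/24"
OUTSIDE = """\
08/14-15:40:01.100000  [**] [1:1000001:1] Constructed sample: web probe [**] [Priority: 2] {TCP} 203.0.113.7:4021 -> 192.0.2.10:80
08/14-15:40:05.200000  [**] [1:1000002:1] Constructed sample: telnet attempt [**] [Priority: 2] {TCP} 203.0.113.7:4022 -> 192.0.2.11:23
"""
INSIDE = """\
08/14-15:40:01.100300  [**] [1:1000001:1] Constructed sample: web probe [**] [Priority: 2] {TCP} 203.0.113.7:4021 -> 192.0.2.10:80
"""

if __name__ == "__main__":
    blocked, passed = classify(OUTSIDE, INSIDE, LAN)
    for label, alerts in (("blocked at firewall", blocked), ("reached the LAN", passed)):
        for a in alerts:
            print(f"{label}: sid {a['sid']} {a['src']} -> {a['dst']}:{a['dport']}")
```

An alert in the second group means the firewall rules allowed that traffic, so it is the list to review against the intended iptables policy.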




