Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Running snort on a firewall

From: "J. Craig Woods" <drjung () sprynet com>
Date: Thu, 20 Dec 2001 16:37:15 -0600
At 10:21 PM 12/20/2001 +0100, Saad Kadhi wrote:

IMHO, if one is really serious about IDS stuff one would have two boxes
listening on both the inside & the outside of the firewall plus a
separate "logging" fast network with a db server to which the Snorts
will send the logs. But I don't want to start a flame-war(tm) here ;)
You just did! Serious is relative to what you are doing. Yes, if one is running a large IT enterprise network I agree with your aforementioned setup. BUT there are many uses for a IDS, from a simple stand-alone workstation on ADSL to the most complex ethernet network in existence ( I have been around the country, working at various IT departments, and a few of these are unfortunately heading in this direction). One size does not fit all.... 


J. Craig Woods
UNIX/NT SA
-Art is the illusion of spontaneity-


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: