Snort mailing list archives
RE: Running snort on a firewall
From: "J. Craig Woods" <drjung () sprynet com>
Date: Thu, 20 Dec 2001 16:37:15 -0600
At 10:21 PM 12/20/2001 +0100, Saad Kadhi wrote:
IMHO, if one is really serious about IDS stuff one would have two boxes listening on both the inside & the outside of the firewall plus a separate "logging" fast network with a db server to which the Snorts will send the logs. But I don't want to start a flame-war(tm) here ;)
You just did! Serious is relative to what you are doing. Yes, if one is running a large IT enterprise network I agree with your aforementioned setup. BUT there are many uses for a IDS, from a simple stand-alone workstation on ADSL to the most complex ethernet network in existence ( I have been around the country, working at various IT departments, and a few of these are unfortunately heading in this direction). One size does not fit all....
J. Craig Woods UNIX/NT SA -Art is the illusion of spontaneity- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Running snort on a firewall Linux Boy (Dec 20)
- Re: Running snort on a firewall Bruno Gimenes Pereti (Dec 20)
- <Possible follow-ups>
- RE: Running snort on a firewall Fraser Hugh (Dec 20)
- RE: Running snort on a firewall Saad Kadhi (Dec 20)
- RE: Running snort on a firewall J. Craig Woods (Dec 20)
- RE: Running snort on a firewall Saad Kadhi (Dec 20)
- RE: Running snort on a firewall Saad Kadhi (Dec 20)