Snort mailing list archives
RE: Running snort on a firewall
From: Saad Kadhi <bsdguy () docisland org>
Date: 21 Dec 2001 07:40:14 +0100
On Thu, 2001-12-20 at 23:37, J. Craig Woods wrote:
At 10:21 PM 12/20/2001 +0100, Saad Kadhi wrote:IMHO, if one is really serious about IDS stuff one would have two boxes listening on both the inside & the outside of the firewall plus a separate "logging" fast network with a db server to which the Snorts will send the logs. But I don't want to start a flame-war(tm) here ;)You just did! Serious is relative to what you are doing. Yes, if one is running a large IT enterprise network I agree with your aforementioned setup. BUT there are many uses for a IDS, from a simple stand-alone workstation on ADSL to the most complex ethernet network in existence ( I have been around the country, working at various IT departments, and a few of these are unfortunately heading in this direction). One size does not fit all....
<flame^Wagreed. My point was to make it clear that for a serious enterprise-like solution, one would use Snort as an NIDS & put two of those. But if you are to protect a *DSL small network (a home network for instance), one would put the NIDS on the firewall directly (as I'm doing in my home net). Now let's call it quit :) or this thread will lead to what I'm trying to avoid. Regards, -- /Saad Kadhi --------------------------------------------------------------- bsdguy () docisland org pgp keyid: 35592A6D fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D --------------------------------------------------------------- .sig made with the six^Hvi editor _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Running snort on a firewall Linux Boy (Dec 20)
- Re: Running snort on a firewall Bruno Gimenes Pereti (Dec 20)
- <Possible follow-ups>
- RE: Running snort on a firewall Fraser Hugh (Dec 20)
- RE: Running snort on a firewall Saad Kadhi (Dec 20)
- RE: Running snort on a firewall J. Craig Woods (Dec 20)
- RE: Running snort on a firewall Saad Kadhi (Dec 20)
- RE: Running snort on a firewall Saad Kadhi (Dec 20)