Snort mailing list archives

Re: Limitations


From: Ian Macdonald <secsnort () dirk demon co uk>
Date: Wed, 7 Aug 2002 23:04:52 -0400 (EDT)

It is possible, but it all depends on your traffic and the rules you have
loaded. Run it, then see if Snort is dropping packets; you can do a
Control-C and it will print stats. If you see packets being dropped, I would
split Snort from the database to another machine.

Ian

On Wed, 7 Aug 2002, Tim wrote:

Hey ppl,

A little help, please. I have some limitations in what and where I can make my installations for Snort and
utilities, and am in need of some expertise from those who have had similar problems.

This is my setup: DSL coming into a Cisco 806 router which is connected to the first (eth0) of three interfaces on a
Linux RH 7.3 box strictly running my firewall (iptables/netfilter). The second (eth1) interface is for a DMZ which
is populated with an Apache web server and a mail server.
The third (eth2) interface is for my LAN with a couple of NT domain controllers, M$ SQL server, a couple of Citrix
servers and a box running some of the services for the LAN. Obviously there are two switches that interconnect the
subnets. I'm limited to how many boxes I can configure for an IDS system. It would seem like such a waste to run
separate machines for the different programs in order to effectively run an IDS system.

My question: Is it possible to install three (maybe four for management) interfaces on one box and install the Apache 
Web Server, MySQL, Webmin, ACID and Snort, in other words, have all the necessary installations in order to run snort 
and monitor the external, DMZ and internal interfaces on the firewall from one box? Is this possible? I'm very 
limited to how many boxes I can use in order to effectively monitor/learn what is going on with security on my 
network. I would like to hear from those who have effectively done so and hear the pros and cons to why this could or 
could not work.

Thanks in advance for any insights.

Sincerely,
Tim -- Mia/Fla



