Snort mailing list archives
RE: ideal setup
From: twig les <twigles () yahoo com>
Date: Fri, 9 Aug 2002 09:43:31 -0700 (PDT)
However unless you mirror the port on your switch, your firewall/snort box won't see internal -> internal traffic. If you miss the initial attack, then all the nasty stuff that follows will get past silently. Also, since the firewall is already a potential chokepoint, do you want to burden it with many potential L7 packet examinations and TCP stream reassemblies? --- Kevin Brown <Kevin.M.Brown () asu edu> wrote:
Then (if snort doesn't have this already) maybe snort should be used in non-promiscuous mode if it is run from the firewall because all the traffic destined for your network has to go through the firewall. -----Original Message----- From: Keith Young [mailto:kyoung () v-one com] Sent: Wednesday, August 07, 2002 2:29 PM To: robert () support4linux com Cc: quentyn () fotango com; snort-users () lists sourceforge net Subject: Re: [Snort-users] ideal setup Robert Cole wrote:Ok lets go for a not so dream setup. How aboutsnort running on the firewallmachine and sending its logs to a syslog server.That a decent setup if thesyslog server is heavily protected as well?Robert, I wouldn't run Snort on the firewall for two reasons: * Snort will put the interfaces into promiscuous mode * running extra services usually isn't a good idea What about running a Snort box outside and a Snort box inside which sends log data to the syslog server in the DMZ? -- -- --Keith Young -kyoung () v-one com
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
===== ----------------------------------------------------------- All warfare is based on deception. ----------------------------------------------------------- __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ideal setup Robert Cole (Aug 07)
- Re: ideal setup quentyn (Aug 07)
- Re: ideal setup Robert Cole (Aug 07)
- Re: ideal setup Keith Young (Aug 07)
- Re: ideal setup Robert Cole (Aug 07)
- Re: ideal setup Robert Cole (Aug 07)
- Re: ideal setup quentyn (Aug 07)
- <Possible follow-ups>
- RE: ideal setup Kevin Brown (Aug 07)
- Re: ideal setup Keith Young (Aug 07)
- RE: ideal setup twig les (Aug 09)
- RE: ideal setup Kevin Brown (Aug 08)