Re: Multiple Snort Sensors HOWTO

[twig les <twigles () yahoo com>]

I like the doc.  Actually I'm considering (seriously
considering) scripting the installation of a few
sensors and a viewing station.  In my mind's eye
(which is the only place this exists right now)
someone could install FreeBSD on, say, 5 boxes and
plug them all into one offline hub.  4 would be
minimal installs and one would have X.  From the one
with X you could launch the scripts, which would
probably be Expect since they would have to SSH and do
other interactive things.

There are some obvious problems (how do you use the
ports if you aren't online?) and I am not ready to
start this right now, but you asked....


--- Andrea Barisani <lcars () infis univ trieste it>
wrote:
> Hi to all!
>
> I've just put a simple HOWTO regarding Multiple
> Snort Sensors at
> http://www.infis.univ.trieste.it/~lcars/ids.
>
> The document is VERY very simple (I've completed it
> in one hour) and 
> it is intended as a start for further discussion,
> every contribution 
> is welcome and the document is entirely open.
>
> I have covered manual configuration of snort sensors
> controlled by a
> management server.
>
> Hope that you'll find some good ideas.
>
> Let me know what you think :)
>
> Bye
>
> P.S.
> Is there anyone who has ever think about automating
> something like this 
> in order to create a master+sensor distribution
> project, maybe a huge Gentoo 
> ebuild :)...just wondering.
------------------------------------------------------------
> INFIS Network Administrator & Security Officer      
>   .*. 
> Department of Physics       - University of Trieste 
>   /V\
> lcars () infis univ trieste it - PGP Key 0x8E21FE82    
>  (/ \)
> ----------------------------------------------------
>  (   )
> "How would you know I'm mad?" said Alice.           
>  ^^-^^
> "You must be,'said the Cat,'or you wouldn't have
> come here."
------------------------------------------------------------
>
-------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> PC Mods, Computing goodies, cases & more
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or
> unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
PC Mods, Computing goodies, cases & more
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users