Re: snort placement

[neptuna <neptuna () neptuna org>]

> If I read correctly, this is your current setup
>
> Cable Modem ----- Router/FW ---- Dlink switch ---- 3 computers.

Yes, that is correct.

> Snort can be placed in many areas:  Probably the most beneficial would 
> be in front and behind the router/FW, this way you know what you're 
> being attacked with and what's getting through the FW.

Actutally I did try to install snort a few months ago and I placed it on
one of the boxes on the inside (a RH 7.2) box. However it did not
capture any traffic. 


> CM ---- Snort --- Router/FW --- Snort ---- Switch ---- computers.

Let me understand:
CM -> Snort box plugged into the Ethernet jack of modem -> [ this is
where i am confused ] Snort box hooked into the Router [ but how ?] ->
snort box UPlinked to switch -> Switch to internal computers?
 

> You can also hook it up to an open port on the switch and monitor 
> traffic that way.  All these options are dependent on separate boxes 
> doing Snort.

I tried this before (see above)

Thanks very much Chris !!






-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users