Snort mailing list archives

RE: Snort and acidcenter


From: Rigoberto De la Portilla <rdelaportilla () yahoo com>
Date: Wed, 1 Jan 2003 08:22:39 -0800 (PST)

Paul, 

I have a Netgear dualspeed 10/100 hub... 
Are you telling me this won't work?

I am now going to set up kind of the same thing as Joe,
just that I have DSL with a block of IPs on the same
subnet.

My DSL modem connected to Netgear dualspeed hub.

Connected to the dualspeed there is one snortbox in
promisc/noip eth1

one honeypot with a static 
one ethernet router with a static

eth0 for snort box is on the local LAN behind the
ethernet router.

Has anyone found a good setup howto for
rh8/snort/mysql???  I read the 7.3; even though I
used the snort-mysql.x.rpm, I ran into some issues
where my ACID console was not picking up any traffic
or the sensor.

All access to the MySQL was set up following the steps
of the howto; also permissions to directories were
correct.


Message: 7
From: "Paul D. Shaffer" <paulshaf () earthlink net>
To: "'Joseph Turley'" <syprinth () yahoo com>,
        <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Snort and acidcenter
Date: Tue, 31 Dec 2002 15:56:06 -0700

Joe,

As long as the hub is truly a "hub" and not one of those dual-speed
types that actually "switches" between the 10/100 fabric, you only need
to snort on one interface.  You will however have to expand your
HOME_NET variable to cover the address space you're using.

You can run ACID from anywhere as long as you setup access to/from the
database and from the sensor box, if they are not all three one and the
same.  If your hardware is recent and has the capacity/horsepower,
there's no reason you can't run everything on one box.  For a home net,
even older hardware would probably be sufficient to support an
all-in-one solution.

Hope that helps...

Paul 


=====

Rigoberto De La Portilla   -=[MCSE, WCSP]=-
http://cb0.net/~rigo

