Snort mailing list archives

RE: Snort sensor on a Firewall


From: sireesha gaddipati <g_siri_g () yahoo co in>
Date: Mon, 5 May 2003 19:19:29 +0100 (BST)

Hi, I actually want to place a Snort sensor on the same machine as the firewall. My firewall has two interfaces, one of which
is connected to the internet and the other to the internal network. If I place two Snort sensors, one on each of those
interfaces, will that work the same as Snort sensors before and after the firewall (before and after in the sense of being on
separate Linux boxes)? Thanks. Sireesha

Michael Steele <mes () go2dds com> wrote:
Sireesha,

In short:

Placing Snort on the far side of the firewall will allow Snort to monitor all traffic.

Placing Snort on the near side of the firewall will allow Snort to detect on everything that gets past the firewall.

-Michael
 

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of 
sireesha gaddipati
Sent: Monday, May 05, 2003 9:44 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort sensor on a Firewall

 

I am new to Snort. I am using Snort for a class project. I have a doubt regarding placement of the Snort sensor.

Can I place a Snort sensor on a firewall and monitor all the traffic coming into the internal network from the internet?
Will that be the same as placing a Snort sensor on a different box outside the firewall? In brief, will the Snort on the
firewall be able to monitor all the packets before filtering them?

 

Thanks.

Sireesha

 
