Snort mailing list archives
RE: Using SNORT for Internal IDS
From: "Hutchinson, Andrew" <andrew.hutchinson () Vanderbilt Edu>
Date: Wed, 25 Jun 2003 08:24:36 -0500
Sure, Snort can be used anywhere you please - internal, external, or otherwise. You may have as many copies of snort running as you please, on as few or as many machines as you please - it's open source and free. When converting from 1.9 to 2.0, I even had both versions running simultaneously on the same box with no issues. All you need to do is customize the rules files and conf file for each location. There's really no documentation _specifically_ about doing this, because none is necessary. Andrew Andrew Hutchinson - Network Security Vanderbilt University Medical Center (615) 936-2856 -----Original Message----- From: Pankaj Gupta [mailto:pgupta () interloci com] Sent: Tuesday, June 24, 2003 3:17 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Using SNORT for Internal IDS I am not sure if Snort can be used to monitor internal attacks or intrusion activities. Also, can I use two copies of Snort (installed on two separate servers), one to monitor the external port outside my firewall and the other to monitor specific internal ports for signature matches. Does anyone have any experience, inputs or documentation on this matter? Thanks. Pankaj Gupta
Current thread:
- Using SNORT for Internal IDS Pankaj Gupta (Jun 25)
- Re: Using SNORT for Internal IDS Erek Adams (Jun 25)
- Re: Using SNORT for Internal IDS Bryan Irvine (Jun 25)
- <Possible follow-ups>
- RE: Using SNORT for Internal IDS Hutchinson, Andrew (Jun 25)
- Re: Using SNORT for Internal IDS Erek Adams (Jun 25)