Snort mailing list archives
RE: plz help
From: "Nick Duda" <nduda () VistaPrint com>
Date: Thu, 15 Jul 2004 08:52:02 -0400
More importantly would be BEHIND the firewall, not in front. You could do it in both places but would see massive traffic before the firewall. By putting the sensor behind the firewall you will capture traffic that the firewall missed and all the traffic from your LAN out. I would span the gateway port of the switch (the one that goes to the firewall) to the port the Snort sensor is on. If your switch doesn't allow for port spanning (most Cisco Catalyst do) I would do the following:

Internet --> Router --> Firewall --> Hub (hang snort sensor off the hub) --> Switch --> Lan

- Nick

_____
From: Chandana Bandara [mailto:chandana () dialogsl net]
Sent: Thursday, July 15, 2004 8:20 AM
To: Nick Duda
Cc: Snort
Subject: Re: [Snort-users] plz help

Thanks to all of you who replied to me. Now I have rectified the problem with your help and it is working. Thank you very much.

---------------------------------------------------------------------------------------

Where should I locate this Snort box, as you all recommended? I meant against the firewall and such.

internet --------> router -------> Firewall ------> switch ------> Lan

As I have shown in this example, I would like to put this before the firewall. Am I correct? If it is wrong, can you all guide me please?

#################################################################################################################

When Snort has received a strange hit, how can I block it against future attacks? Is there any documentation for rules?

Thank you,
chandana

----- Original Message -----
From: Nick Duda <mailto:nduda () VistaPrint com>
To: Chandana Bandara <mailto:chandana () dialogsl net> ; snort-users () lists sourceforge net
Sent: Wednesday, July 14, 2004 7:53 PM
Subject: RE: [Snort-users] plz help

Nessus, Retina, NMAP... etc. Anything that can do massive pen testing will make Snort go crazy. Tools like these are required in a security pro's toolbox.

_____
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Chandana Bandara
Sent: Wednesday, July 14, 2004 7:19 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] plz help

Hi,

I have installed Snort perfectly on a Red Hat Linux 9 box. The ACID URL runs in the browser. I used the ping command with huge packet sizes against that Snort server, but there were no alerts in ACID. So tell me, how do I check this from other clients?

Please help. Thanks in advance,
chandana