Snort mailing list archives
Re: Snort on Multiple Interfaces
From: Ron <iago () valhallalegends com>
Date: Fri, 22 Jul 2005 12:56:32 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well, I have some limited IPTables rules, but nothing really special. I'm going to look into snort_inline. But right now, I have it on both interfaces. I just want to make sure that they're not going to get in the way of each other. Thanks! Joel Esler wrote:
Are you using your computer as a firewall? If not, if you just have the traffic coming in and going right back out, i would say, run one instance of Snort on either interface. Someone correct me if I am wrong. J On 7/21/05, Ron <iago () valhallalegends com> wrote: Hey guys, I am running snort on a computer that bridges my network. All traffic from the internet enters through eth0, which bridges it to eth1, which plugs into a switch. 2 questions: - Should I run Snort on both interfaces, or just one? If just one, which is better, internal or external? - Should I run Snort in permiscuous mode? I don't see any reason to, since neither side has a hub, but I'm just checking to make sure. Thanks! Ron
- ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.9.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC4TNQfqSf2EkP4p4RAiTnAJ46dJ0gF4FUqVF70BkBbS4rhiqgmACeM4oX Xl1FOlNogB7cKgwbvO8LGuY= =b/G4 -----END PGP SIGNATURE----- ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort on Multiple Interfaces Ron (Jul 21)
- Re: Snort on Multiple Interfaces Joel Esler (Jul 22)
- Re: Snort on Multiple Interfaces Ron (Jul 22)
- Re: Snort on Multiple Interfaces Joel Esler (Jul 22)