Snort mailing list archives
Re: Best way to deploy snort
From: Glenn English <ghe () slsware com>
Date: Mon, 5 Apr 2010 20:02:49 -0600
On Apr 5, 2010, at 7:51 PM, Kum Weng Luey wrote:
One last question: Would snort be better off being placed in the DMZ to sniff incoming traffic or within the internal LAN between the router and the firewall.
I'm in the midst of building a Linux WAN/DMZ/LAN packet-filter/IDP/router box. I'm currently planning to run Snort on it in inline mode, with feedback (from some rules) to the packet-filter. Inline, on the grounds that I really don't care that much if there are attacks on the net, if they aren't getting through the packet-filter (and to save a few CPU cycles). -- Glenn English ghe () slsware com ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Best way to deploy snort Kum Weng Luey (Apr 05)
- Re: Best way to deploy snort Glenn English (Apr 05)
- Re: Best way to deploy snort Paul Schmehl (Apr 06)
- Re: Best way to deploy snort Kum Weng Luey (Apr 06)