Snort mailing list archives
snort with shorewall - recommendation
From: Roland RoLaNd <r_o_l_a_n_d () hotmail com>
Date: Thu, 29 Aug 2013 22:21:53 +0300
Dear all, I'm new to snort and open source IDS/IPS all together so bear with me. i have the requirement to install snort on a network of 30 users which use PAT to reach the internet. Expected design is to have one box running debian that has the following services and facing the internet.shorewalldnsmasqsquid i read part 1 and part II of Wiley Publishing - Snort For Dummies [2004] but it's a bit outdated and i'm worried things would have changed by now. Moreover, i have three questions that i hope you can help me answer: - if i want to run snort on the gateway itself (mentioned above) should i run it as NIDS or HIDS ? - Since internet traffic for all users is already going through this box, do i still need to set the interface to run in promiscuous mode?- squid/proxy is running in transparent mode. is there any special config for snort in this case? PS: is it AOK to install snort on the firewall itself? any advice would be appreciated.
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort with shorewall - recommendation Roland RoLaNd (Aug 29)