Snort mailing list archives
RE: Newbie Questions
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Mon, 18 Jun 2001 12:51:25 -0400
My opinion is, I know that I will see a ton of attacks OUTSIDE my firewall, so I am not as concerned about watching that traffic as I am watching traffic INSIDE my firewall (the traffic that I am purposely letting into my network).

For starters, I recommend a Snort sensor INSIDE the firewall, so it is monitoring all traffic that you are specifically allowing into your network. From there you can work on the bad stuff that is sneaking in.

If you are in a switched environment, you can set up a spanned port from the internal firewall interface to your snort box. If you're using hubs, just plug in to the same hub as where the internal firewall interface is plugged in. That's a good start.

Paul Sheahan
Manager of Information Security
Priceline.com
paul.sheahan () priceline com

-----Original Message-----
From: Tim Parker [mailto:hostmaster () ebworld com]
Sent: Monday, June 18, 2001 11:30 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Newbie Questions

I have just started to toy with SNORT and am curious about something. I haven't found many good newbie instructions for configuring and placing a "snort server".

I have a linux box that I have set up in our office that can see our web servers, firewall, etc. which is in a remote location connected by a private T1. I would like for testing to be able to use this to monitor traffic behind our firewall first. I plan later to add another server outside the firewall once I get a good grasp on what I am doing and seeing.

Can anyone provide info, links etc. on how to set this up for testing?

thanks.
Tim Parker

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users