Snort mailing list archives
Re: snort and firewall
From: "J. C. Woods" <drjung () sprynet com>
Date: Tue, 14 Aug 2001 17:24:06 -0500
Stephen Torri wrote:
If I have an external DSL modem hooked up to my firewall, where should I put a machine running snort? If its behind won't I only detect if someone has broken in? Stephen _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
If you are saying you have a gateway/router machine that has two interfaces, eth0 and eth1, the answer to your question would be yes. In theory, any external packets picked up by snort on your internal interface would indicate firewall penetration onto your private LAN. drjung -- J. Craig Woods UNIX SA -Art is the illusion of spontaneity- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort and firewall Stephen Torri (Aug 14)
- Re: snort and firewall J. C. Woods (Aug 14)
- Re: snort and firewall GeEk (Aug 15)
- Re: snort and firewall John Sage (Aug 15)
- Re: snort and firewall Stephen Torri (Aug 15)
- Re: snort and firewall J. C. Woods (Aug 14)