Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort and firewall

From: "J. C. Woods" <drjung () sprynet com>
Date: Tue, 14 Aug 2001 17:24:06 -0500
Stephen Torri wrote:


If I have an external DSL modem hooked up to my firewall, where should I
put a machine running snort? If its behind won't I only detect if someone
has broken in?

Stephen

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


If you are saying you have a gateway/router machine that has two
interfaces, eth0 and eth1, the answer to your question would be yes. In
theory, any external packets picked up by snort on your internal
interface would indicate firewall penetration onto your private LAN.

drjung

-- 
J. Craig Woods
UNIX SA

-Art is the illusion of spontaneity-

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: