Snort mailing list archives
Re: SNORT on Trend Micro Interscan virus wall box
From: Gordon Ewasiuk <gewasiuk () gnmc net>
Date: Thu, 13 Sep 2001 22:27:08 -0400 (EDT)
On Tomorrow, Jonathon.Kalaugher () sbg-ap com wrote:
> Hello List,
>
> I am considering placing a copy of SNORT on a Trend Micro box Interscan virus wall box on Win2k/NT4.0. This server sits in a DMZ and intercepts all incoming SMTP, HTTP, FTP traffic destined for our Web and intranet servers. It does not process outgoing HTTP, DNS, etc.
>
> Does this sound like a good idea?
Hi Jonathon,

Sounds like a good start. I'd suggest showing all traffic to the Snort box though. Snort appears to detect a wide range of attacks, probes, and scans.

My install, which took place about two weeks ago, has all inbound and outbound traffic mirrored to a separate network directly off my Foundry switches (1st point of entry into the datacenter I work at). So, my Snort box sees everything and detects everything.

Not sure if it's the optimal method (I think some might deploy the Snort box BETWEEN their external networks and internal networks, ala another firewall):

    Internet <-----> Snort <------> Internal networks

Mine looks like this:

    Internet <-----> 2 Foundry Switches <-----> Firewalls <-----> internal
                             |
                             |
                         snort box

Your mileage may vary. Good luck!

-Gordon

--------------------------------------------------
Gordon Ewasiuk, Certifed Sun Fanatic, Winstar VHC
The REAL office number is here-----> 703.893.4901
Tired of BSODs, My Computer, and Code Red?
http://www.sun.com/solaris/binaries/
-------------------------------------------------
10:20pm up 3 day(s), 12:13, 1 user, load average: 0.01, 0.03, 0.16

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users