Snort mailing list archives
Re: Where do I need to put my Snort sensor outside of the firewall in order for FlexResponse to work?
From: Marty.Bostick () protective com
Date: Thu, 20 Sep 2001 08:13:48 -0500
I have multiple Snort sensors in place within my network, however when situations such as the "Nimda" worm arise, I would like to be able to reset those connections and drop them before they even reach my firewall. Currently, I have created a new stripped down install of Snort with only the rules that I want to enforce FlexResponse on (Approx. 5 of them). I have placed this sensor outside of my firewall (in parallel) and it is mirroring the port of the outside Firewall interface. So far, it seems to catch every rule that I want it too, however it never once has dropped an offending connection from an intruder. Does this device have to be placed inline before it reaches the firewall and does it have to use 2 NICS? I am lost and really need help here. Thanks. Marty Bostick Database Administrator (205) 423-5079 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Where do I need to put my Snort sensor outside of the firewall in order for FlexResponse to work? Marty . Bostick (Sep 20)
- Re: Re: Where do I need to put my Snort sensor outside of the firewall in order for FlexResponse to work? roel (Sep 20)
- <Possible follow-ups>
- Re: Where do I need to put my Snort sensor outside of the firewall in order for FlexResponse to work? Marty . Bostick (Sep 21)