Snort mailing list archives
Re: Alerts from DMZ
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 20 Nov 2001 08:50:29 -0800 (PST)
On Tue, 20 Nov 2001, Petriz, Pablo wrote:
I want to install Snort with a stealth interface to sniff on
DMZ and i want Snort to send alerts to some NT boxes on the
Internal Net in a secure (best secure) way.
I have this instalation:
External Net ----- Firewall ------- Internal Net
|
|- Snort
|
DMZ
The FW allows some traffic btw ExtNet<->DMZ, some
from IntNet->DMZ and blocks btw ExtNet<->IntNet.
Add a second NIC card on the snort box. Connect 2nd NIC to the internal net with an IP. Make sure your firewall rules don't allow _any_ traffic to the snort box to pass. Build a read only cable and place that cable on your stealth interface. Now, your box will be happy, you can connect to it from inside your net, but no other way. Hope that helps! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Alerts from DMZ Petriz, Pablo (Nov 20)
- Re: Alerts from DMZ Erek Adams (Nov 20)
- <Possible follow-ups>
- RE: Alerts from DMZ Petriz, Pablo (Nov 20)
- RE: Alerts from DMZ Erek Adams (Nov 20)
- RE: Alerts from DMZ Abe L. Getchell (Nov 20)
- RE: Alerts from DMZ Erek Adams (Nov 20)