Snort mailing list archives
RE: Running snort on a firewall
From: Fraser Hugh <hugh_fraser () dofasco ca>
Date: Thu, 20 Dec 2001 14:02:06 -0500
I prefer to run an IDS on a second box, either outside or inside the firewall (or better still both) depending upon what you want to see. Philosophically speaking, I like to keep firewalls as simple as possible, stripping them down to the bare necessities. Practically speaking, the firewall is likely to be the target of attacks, and may not be able to notify me when necessary if, for instance, it's suffering under the load of a DOS attack. The IDS, ideally, uses an un-configured NIC to monitor the network, and is for all intents and purposes invisible, generating no traffic on the network being monitored, and not likely to be profiled using the anti-sniffer tools. What you're asking to do is technically possible, but the small additional cost of a second machine for an IDS gives a more manageable, secure solution.
-----Original Message----- From: Linux Boy [mailto:cslinuxboy () hotmail com] Sent: Thursday, December 20, 2001 1:12 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Running snort on a firewall Hello Everyone, I am new to snort. I tried some examples on a LAN workstation, now I want to see and monitor it all. We have a linux firewall running netfilter/iptables. Can I run snort on the firewall without impacting the firewalls performace/security. Any advise would be good. Thanks in advance. Mike ------ Begin Geek CODE ------------------------------------ GCS/GCC d--(d++) s: a--<<a? C+++ L++++ P+ E- W++>>+++ N+ o+ K?? !!!!!!!!w O- M->L V PS+ !PE>PE!! Y++ PGP++ t+++@DATA !5 X+ !!!R->>R-- tv b++@!SAUNI DI D+ G e++>>AS400/HAL h++(h!) r-!r+++ y+ ------------ End of Geek CODE ----------------------------- _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Running snort on a firewall Linux Boy (Dec 20)
- Re: Running snort on a firewall Bruno Gimenes Pereti (Dec 20)
- <Possible follow-ups>
- RE: Running snort on a firewall Fraser Hugh (Dec 20)
- RE: Running snort on a firewall Saad Kadhi (Dec 20)
- RE: Running snort on a firewall J. Craig Woods (Dec 20)
- RE: Running snort on a firewall Saad Kadhi (Dec 20)
- RE: Running snort on a firewall Saad Kadhi (Dec 20)