Snort mailing list archives

Re: firewalling snort machine


From: "Basil Saragoza" <snortlst () hotmail com>
Date: Thu, 21 Feb 2002 12:01:39 -0500

I run Demarc, so I would like to have a public IP to be able to check alerts from home using HTTPS.
I was thinking about using ipchains on the snort machine to block everything incoming besides HTTPS....
  ----- Original Message ----- 
  From: Sean T. Ballard 
  To: Basil Saragoza ; snort-users () lists sourceforge net 
  Sent: Thursday, February 21, 2002 11:36 AM
  Subject: RE: [Snort-users] firewalling snort machine


  Here's how I do it. Have 2 NICs in it, one public, one private. Unbind TCP/IP from the public interface and just have the card in promisc mode. Then on your private interface set up an IP so you can check the logs. This way no internet traffic can connect to the IDS, but it still logs everything. (Make sure, if you're plugging the IDS into a switch, that the ports are mirrored to the port the IDS's public interface is in.)
   
  -Sean
    -----Original Message-----
    From: Basil Saragoza [mailto:snortlst () hotmail com]
    Sent: Thursday, February 21, 2002 10:56 AM
    To: snort-users () lists sourceforge net
    Subject: [Snort-users] firewalling snort machine


    I have a snort machine exposed to the internet (connected to our internet switch; it monitors traffic coming to the firewall's public NIC).
    Is it safe to install a firewall on the snort machine and disable ALL incoming traffic to the snort machine from the internet? Will it affect snort functionality?
    (My guess would be it won't, because snort sniffs packets from the switch and it is not dependent on internet connectivity, but I just want to make sure that my guess is correct.)
    thx.

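The two ideas in this thread, a capture NIC with no IP address in promiscuous mode and an ipchains policy on the management NIC that admits only HTTPS, fit together in one sensor setup script. The script below is an added example, not something posted in the thread or shipped with Snort or Demarc; the interface names (eth0 sniffing, eth1 management), the sensor's management address and the management network allowed to reach the Demarc web interface are assumptions and are overridable through environment variables. It uses ipchains because that is what the thread names; on a current kernel the same policy would be written with iptables or nftables.

```shell
#!/bin/sh
# Added example: Linux Snort sensor with a no-IP sniffing NIC and a
# default-deny ipchains policy on the management NIC. All interface names,
# addresses and the management network below are assumptions.

SNIFF_IF="${SNIFF_IF:-eth0}"            # assumed: NIC on the mirrored switch port
MGMT_IF="${MGMT_IF:-eth1}"              # assumed: private management NIC
MGMT_IP="${MGMT_IP:-192.168.1.10}"      # assumed: sensor's management address
MGMT_NET="${MGMT_NET:-192.168.1.0/24}"  # assumed: hosts allowed to use HTTPS
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print the commands, 0 = run them

# run: execute a command, or print it when DRY_RUN=1 so the policy can be
# reviewed before it is applied to a sensor.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# sniff_interface_up: bring the capture NIC up with no IP address and in
# promiscuous mode. libpcap (and so Snort) still reads frames from it, but
# nothing on the monitored segment can address the sensor through it.
sniff_interface_up() {
    run ifconfig "$SNIFF_IF" 0.0.0.0 promisc up
}

# firewall_rules: ipchains input policy for the management side.
# Default-deny, then allow loopback, HTTPS from the management network to
# the sensor, and non-SYN segments belonging to connections the sensor
# opened itself (ipchains is stateless, so "! -y" stands in for state).
firewall_rules() {
    run ipchains -F input
    run ipchains -P input DENY
    run ipchains -A input -i lo -j ACCEPT
    # Nothing should ever be addressed to the sniffing NIC; log and drop it.
    run ipchains -A input -i "$SNIFF_IF" -l -j DENY
    run ipchains -A input -i "$MGMT_IF" -p tcp -s "$MGMT_NET" -d "$MGMT_IP" 443 -j ACCEPT
    run ipchains -A input -i "$MGMT_IF" -p tcp ! -y -j ACCEPT
    # Log whatever else reaches the management NIC before dropping it.
    run ipchains -A input -i "$MGMT_IF" -l -j DENY
}

# count_accept_rules: number of ACCEPT rules the policy installs (review aid).
count_accept_rules() {
    firewall_rules | grep -c -- '-j ACCEPT'
}

# Usage (as root, on the sensor): DRY_RUN=0 SNORT_FW_APPLY=1 sh sensor-fw.sh
# Without SNORT_FW_APPLY=1 the script only defines the functions above.
if [ "${SNORT_FW_APPLY:-0}" = "1" ]; then
    sniff_interface_up
    firewall_rules
fi
```

Run it once with the default DRY_RUN=1 to read the generated rules, then again with DRY_RUN=0 to apply them. The logging (`-l`) on the two DENY rules is the useful part for a sensor: any packet that is addressed to the sniffing NIC, or that reaches the management NIC from outside the allowed network on a port other than 443, shows up in the kernel log and is itself an alert worth watching.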