Snort mailing list archives

Re: snort placement


From: neptuna <neptuna () neptuna org>
Date: 06 Aug 2002 06:54:36 -0400



Here is my setup.

                                                              Cable Modem 
                                                                  |
                                                              |
..........(Nic 3)...........Dlink switch
|                                                                 |
|                                                             |
|                ------------------------------------------------
|                |                                 |           |                         |
|     Router/FW/Snort       Comp1  Comp2   Comp3
........(3 NICs)

Nic 1 is the gateway to the Internet. (Router/FW). Snort cannot listen on this Nic.
Nic 2 is the gateway to my LAN.  This is the trusted Nic.
Nic 3 is the promiscuous NIC listening to the traffic coming in. Snort is listening on this Nic 3.

What do you mean by trusted NIC? 


For the Snort Nic, use a good Nic like 3Com, which is believed not to drop as many packets as an NE2K Nic.

3-com is what I use. 


Suggestions for Nic 3 - Do not set any IP address for the Nic
                        Do not broadcast the ARP address.

OK, so make this NIC as stealthy as possible?


Hope this helps. Good luck.

Yes, it does. Now I have a few good ideas to work with thanks to this
group!

Thanks
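
The two suggestions for Nic 3 above (no IP address, no ARP) can be checked on a Linux sensor. The script below is an added example and not part of the original thread. It assumes iproute2 `ip -o` output and an interface named `eth2` standing in for Nic 3; the sample output is constructed.

```shell
#!/bin/sh
# Added example: audit a sniffing NIC against the thread's advice
# (no IP address, no ARP). Parses `ip -o` output from iproute2.
# To apply the advice on the assumed interface eth2:
#   ip addr flush dev eth2
#   ip link set dev eth2 arp off

# stealth_findings LINK_TEXT ADDR_TEXT
# Prints one finding per line; prints nothing when the NIC is clean.
stealth_findings() {
    local link="$1" addr="$2" flags
    # Interface flags are the comma list inside <...> on the link line.
    flags=$(printf '%s\n' "$link" | sed -n 's/^[^<]*<\([^>]*\)>.*/\1/p' | head -n 1)
    case ",$flags," in
        *,NOARP,*) ;;
        *) echo "ARP enabled: interface will answer ARP requests" ;;
    esac
    # Any inet/inet6 line makes the NIC addressable. An IPv6 link-local
    # address counts too: the kernel adds it even when no IPv4 is set.
    printf '%s\n' "$addr" | awk '$3 == "inet" || $3 == "inet6" {
        print "address assigned: " $4 " (" $3 ")" }'
}

# Live use on the sensor: audit_iface eth2
audit_iface() {
    stealth_findings "$(ip -o link show dev "$1")" "$(ip -o addr show dev "$1")"
}

# Constructed sample output, not captured from the poster's machine.
SAMPLE_LINK_BAD='4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff'
SAMPLE_ADDR_BAD='4: eth2    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth2\       valid_lft forever preferred_lft forever
4: eth2    inet6 fe80::211:22ff:fe33:4455/64 scope link \       valid_lft forever preferred_lft forever'
SAMPLE_LINK_OK='4: eth2: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff'
SAMPLE_ADDR_OK=''

echo "--- misconfigured sample ---"
stealth_findings "$SAMPLE_LINK_BAD" "$SAMPLE_ADDR_BAD"
echo "--- hardened sample ---"
stealth_findings "$SAMPLE_LINK_OK" "$SAMPLE_ADDR_OK"
```

The check does not look at the PROMISC flag, because a sniffer that enables promiscuous mode through a packet socket does not always cause that flag to appear in `ip link` output.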






