Snort mailing list archives

Re: ideal setup

From: Robert Cole <robert () support4linux com>
Date: Wed, 7 Aug 2002 22:58:19 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm a network engineer by trade and I'm doing this on my home network of 
computers as a learning point to really get familier with it.

I'll probably try this in a couple of different configs.

I just wanted to get an idea of the sorts of things I'm looking for and have 
some ideas rolling around in my head before I get in extremely deep to 
howto's and docs. If I don't have some idea of why and how in my head already 
my eyes glaze over reading docs for just the sake of learning. :) I have to 
have a point and reason to read em then I have DRIVE! :)

Thanks everyone for your input. Very much appreciated. I'm sure I'll be back 
with some brutal questions in few days or after linuxworld. :)

Robert

On Wednesday 07 August 2002 02:28 pm, Keith Young wrote:

Robert Cole wrote:

Ok lets go for a not so dream setup. How about snort running on the
firewall machine and sending its logs to a syslog server. That a decent
setup if the syslog server is heavily protected as well?


Robert,

I wouldn't run Snort on the firewall for two reasons:
      * Snort will put the interfaces into promiscuous mode
      * running extra services usually isn't a good idea

What about running a Snort box outside and a Snort box inside which
sends log data to the syslog server in the DMZ?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9Ugh7OWbzte5wVEURAtz9AJ4y3CjdYrS81NSYuvlbgK8+cUMQkQCfZ7bT
n+K5p/45HMKmDVDv/Xgn+yE=
=QJ+i
-----END PGP SIGNATURE-----



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ideal setup Robert Cole (Aug 07)
- Re: ideal setup quentyn (Aug 07)
  - Re: ideal setup Robert Cole (Aug 07)
    - Re: ideal setup Keith Young (Aug 07)
    - Re: ideal setup Robert Cole (Aug 07)
- <Possible follow-ups>
- RE: ideal setup Kevin Brown (Aug 07)
  - Re: ideal setup Keith Young (Aug 07)
  - RE: ideal setup twig les (Aug 09)
- RE: ideal setup Kevin Brown (Aug 08)