Snort mailing list archives
RE: sanity check
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Mon, 8 Jul 2002 09:14:40 -0400
I've assigned the snort box an ip of 192.168.1.5 to the eth0 and plugged it into the back of the linksys and designated that address as the dmz host.
A DMZ is not a monitoring segment. Unless you're routing traffic to the DMZ, systems there won't see anything.
Now as I understand it the linksys should expose the snort box to the internet without firewall filtering and I should see some scans from the script kiddies on the internet.... Am I right here? Or...should I put the eth1 into a hub infront of the linksys? jim kelly
Put eth1 into a hub in front of the router. This will allow Snort to see everything that the router's external interface sees, which is (generally) speaking) what you want. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Oh, it's good to be a geek. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- sanity check Jim Kelly (Jul 08)
- <Possible follow-ups>
- RE: sanity check McCammon, Keith (Jul 08)