Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: sanity check

From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Mon, 8 Jul 2002 09:14:40 -0400
I've assigned the snort box an ip of 192.168.1.5 to the eth0 
and plugged it 
into the back of the linksys and designated that address as 
the dmz host.


A DMZ is not a monitoring segment.  Unless you're routing traffic to the DMZ, systems there won't see anything. 


Now as I understand it the linksys should expose the snort box to the 
internet without firewall filtering and I should see some 
scans from the 
script kiddies on the internet....

Am I right here? Or...should I put the eth1 into a hub 
infront of the linksys?
jim kelly


Put eth1 into a hub in front of the router.  This will allow Snort to see everything that the router's external 
interface sees, which is (generally) speaking) what you want.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Oh, it's good to be a geek.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: