Snort mailing list archives
Re: snort setup on freebsd
From: Ha Hoang <summer_beha () yahoo com>
Date: Thu, 5 Sep 2002 16:37:16 -0700 (PDT)
Hi,

I'm in the process of setting up snort on my freebsd box. I have several questions:

1. Where should I put the snort box?
2. How many network cards/sensors do I need?
3. Anything else I should do before or need to consider?
4. Is Snort easy to set up?
5. How often does the signature database need to be updated?
6. Do I need to configure my own rules or are the canned ones sufficient?

Any help you can provide will be greatly appreciated.

Thanks,
Ha

--- Scot Scot <scotw () hotmail com> wrote:
Might look something like this:

                             DMZ
                              |
                              |
                            |TAP|-------Snort
                              |
                              |
Cisco Router ----|TAP|-----Firewall------|TAP|------------Switch
                   |                       |
                   |                       |
                 Snort                   Snort

You can then correlate your intrusion traffic between sensors. I would not recommend using the mirroring port on a Switch; it can be very processor intensive and you may not detect all fragmented packets.

Scot

<snip>

Where would you put the DMZ and firewall?

Friday, July 12, 2002, 11:41:35 PM, you wrote:

SS> If you put a HUB in you'll knock your traffic down to Half-Duplex
SS> Perhaps you could throw in a TAP:
SS>
SS> Cisco Router ----|Network TAP|-----------------HUB------------------Switch
SS>                        |
SS>                        |
SS>                        |
SS>                   Snort Sensor
SS>
SS> Here's one company (of many) off the top of my head:
SS> www.netoptics.com
SS> Scot
SS> ----- Original Message -----
SS> From: "Tom Sevy" <tsevy () epx com>
SS> To: "user snort" <snort-users () lists sourceforge net>
SS> Sent: Friday, July 12, 2002 9:30 AM
SS> Subject: RE: [Snort-users] snort setup

I would recommend instead that you put a decent hub in rather than put the snort box inline. What happens when you have to reboot the snort server box? You (& your users & your web visitors) will lose the internet connection. So go with:

Cisco Router---------------------HUB------------------Switch
                                  |
                                  |
                                  |
                             Snort Sensor

-----Original Message-----
From: Alwin Raymundo [mailto:alrayworld () yahoo com]
Sent: Friday, July 12, 2002 7:36 AM
To: user snort
Subject: [Snort-users] snort setup

Hi all,

Here is another naive question of mine. I want to put my snort box in front of my switch because my switch is not capable of port mirroring.

internet -> cisco router -> snort box -> switch -> servers

My future setup on snort box (redhat 7.3, snort-mysql and 2 NIC cards).

Here now is the question about the 2 NICs: what IP addresses should I use for these 2 NIC cards? Should it be 2 public IP addresses, or 1 public IP address and 1 network address?

Any help would be highly appreciated.

Thanks in advance,
brother in snort.
=====
Alwin Raymundo
-------------------------------------------------------
This sf.net email is sponsored by: ThinkGeek
Gadgets, caffeine, t-shirts, fun stuff. http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Best regards,
Darren
mailto:darren () horseplay demon co uk
=== message truncated ===
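An added example, not part of the thread: one way to correlate alerts between the three tapped sensors in Scot's layout, so that an alert seen only outside the firewall can be told apart from one that also reached the DMZ or the inside segment. It assumes each sensor writes Snort's fast alert format, the sensor clocks are synchronized, and there is no NAT between sensors; the sensor names, addresses and rule IDs in the sample data are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
# (IPv4 only; the port is optional because ICMP alerts carry none.)
FAST = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")

# Constructed alert bodies and per-sensor logs (sensor names are assumptions).
A = "[**] [1:1000001:1] EXAMPLE rule A [**] [Priority: 2] {TCP} 192.0.2.10:4312 -> 198.51.100.5:80"
B = "[**] [1:1000002:1] EXAMPLE rule B [**] [Priority: 2] {TCP} 192.0.2.10:4313 -> 198.51.100.9:22"
C = "[**] [1:1000003:1] EXAMPLE rule C [**] [Priority: 1] {TCP} 198.51.100.5:3300 -> 198.51.100.77:445"
SAMPLE = {
    "outside": ["09/05-16:37:16.100000  " + A, "09/05-16:37:20.000000  " + B],
    "dmz":     ["09/05-16:37:16.150000  " + A],
    "inside":  ["09/05-16:40:00.000000  " + C, "not an alert line"],
}

def parse(line, year=2002):
    """Return (timestamp, (sid, src, dst)) or None for non-alert lines."""
    m = FAST.match(line)
    if not m:
        return None
    # Fast alerts carry no year by default, so one is supplied by the caller.
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return ts, (int(m["sid"]), m["src"], m["dst"])

def correlate(logs, window=timedelta(seconds=5)):
    """Map (sid, src, dst) -> sensors that saw it within `window` of the first sighting.
    Sightings later than the window are ignored rather than starting a new group."""
    first, seen = {}, defaultdict(set)
    events = sorted((p[0], p[1], name) for name, lines in logs.items()
                    for p in map(parse, lines) if p)
    for ts, key, name in events:
        if ts - first.setdefault(key, ts) <= window:
            seen[key].add(name)
    return {k: sorted(v) for k, v in seen.items()}

def verdict(sensors):
    if sensors == ["outside"]:
        return "seen outside only"
    return "crossed the firewall" if "outside" in sensors else "not seen outside"

if __name__ == "__main__":
    for key, sensors in sorted(correlate(SAMPLE).items()):
        print(key, sensors, verdict(sensors))
```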
Current thread:
- snort setup Alwin Raymundo (Jul 12)
- Re: snort setup Demetri Mouratis (Jul 12)
- <Possible follow-ups>
- RE: snort setup Tom Sevy (Jul 12)
- Re: snort setup Scot Scot (Jul 12)
- Message not available
- Re: snort setup Scot Scot (Jul 12)
- Re: snort setup on freebsd Ha Hoang (Sep 08)
- Re: snort setup Scot Scot (Jul 12)