Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort placement

From: "J. Craig Woods" <drjung () trismegistus net>
Date: Sun, 04 Aug 2002 14:22:26 -0500
neptuna wrote:


Hi

I am new to snort. I have a simple home LAN, with a Cable modem and a
linux box acting as a Router/ FW.  I have 3 machines on the inside. All
are connected to a cheap little D-link switch. Is my only option to put
snort on the Linux Router/FW ?
I have read the FAQ concerning this but i am still not sure. Any
suggestions or pointers to more documentation is appreciated.

Thanks



If your gateway/firewall server is a multi-homed system (dual nics),
putting the sensor on the external nic works nicely for me. If you are
running a single nic server, you might want to look elsewhere for sensor
location, i.e. maybe your switch, if it supports port mirroring...

Just some thoughts,
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: