Snort mailing list archives
Newbie question (sorta): implementing a replacement SNORT box
From: Greg Webster <greg () intouch ca>
Date: Thu, 5 Jun 2003 13:36:44 -0700
Hi all,

I guess I'm not a complete newbie, as I had some experience with SNORT as part of the IPCop firewall Linux distribution. I have some questions though.

A few months back, a client of ours was hit with a nasty 4-day DDoS. He ended up bringing in a consultant group who borrowed a machine from us to set up a SNORT IDS machine on the network (alas, it was too late to actually capture the traffic and find the DDoSser).

Now I've got to get our machine back, which means that I've got to set up a new client machine with SNORT. The machine will be completely dedicated to sitting there waiting for a DDoS (or other attack?) to happen and hopefully capture the information necessary to stop the DDoSser permanently.

My questions are... am I going down the right road? Is this going to be an onerous task? I'm quite proficient in Linux, how long should I expect to spend setting up SNORT to do this? Any suggestions?

Please note that I will not be able to access any configuration on the current SNORT box (much as I wish I could).

Thanks,
Greg