Snort mailing list archives
Re: Using SNORT for Internal IDS
From: Erek Adams <erek () snort org>
Date: Wed, 25 Jun 2003 11:22:33 -0400 (EDT)
On Tue, 24 Jun 2003, Pankaj Gupta wrote:
I am not sure if Snort can be used to monitor internal attacks or intrusion activities. Also, can I use two copies of Snort (installed on two separate servers), one to monitor the external port outside my firewall and the other to monitor specific internal ports for signature matches? Does anyone have any experience, inputs or documentation on this matter? Thanks.
Snort can be used for any type of detection. It all depends on where you place it and what you want to see. You can use as many copies as you want. It doesn't care that you're using more than one. All it takes is the correct physical placement, and the correct setting of your HOME_NET/EXTERNAL_NET.

Check out the placement docs on Snort.org. They have a lot of useful info in them. You might also want to check out this [0].

Cheers!

-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson

[0] http://www.theadamsfamily.net/~erek/snort/ids_placement.txt
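
The HOME_NET/EXTERNAL_NET point in the reply above, as an added example that is not part of the original post: a small Python model of the address half of a rule header written as `$EXTERNAL_NET any -> $HOME_NET any`, showing which flows a sensor would inspect under the two usual `EXTERNAL_NET` settings. The address plan and flows are constructed, and ports, protocol and payload matching are deliberately left out.

```python
"""Added illustration: how HOME_NET / EXTERNAL_NET decide what a sensor inspects.

Models only the source/destination address test of a rule header of the form
`$EXTERNAL_NET any -> $HOME_NET any`; it is not Snort's own matching code.
"""
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption, not from the thread).
HOME_NET = [ip_network("10.0.0.0/8")]


def in_home(addr):
    """True when addr falls inside any HOME_NET block."""
    return any(ip_address(addr) in net for net in HOME_NET)


def rule_matches(src, dst, external_net):
    """Address test for `$EXTERNAL_NET any -> $HOME_NET any`.

    external_net mirrors the snort.conf setting:
      "!$HOME_NET" -> var EXTERNAL_NET !$HOME_NET  (typical perimeter sensor)
      "any"        -> var EXTERNAL_NET any         (typical internal sensor)
    """
    if external_net == "any":
        src_ok = True
    elif external_net == "!$HOME_NET":
        src_ok = not in_home(src)
    else:
        raise ValueError(f"unsupported EXTERNAL_NET value: {external_net}")
    return src_ok and in_home(dst)


# Constructed flows: (label, source, destination).
FLOWS = [
    ("internet -> internal server", "203.0.113.9", "10.1.1.20"),
    ("workstation -> internal server", "10.2.3.4", "10.1.1.20"),
    ("workstation -> internet", "10.2.3.4", "198.51.100.7"),
]


def coverage(external_net):
    """Map each constructed flow to whether the rule header would match it."""
    return {label: rule_matches(s, d, external_net) for label, s, d in FLOWS}


if __name__ == "__main__":
    for setting in ("!$HOME_NET", "any"):
        print(f"var EXTERNAL_NET {setting}")
        for label, seen in coverage(setting).items():
            print(f"  {label:32} {'inspected' if seen else 'skipped'}")
```

With `!$HOME_NET`, the internal-to-internal flow never satisfies the source side of the header, which is why a sensor placed to watch internal traffic is commonly run with `EXTERNAL_NET` set to `any`.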