Snort mailing list archives
Re: RE: Snort-users digest, Vol 1 #3309 - 9 msgs
From: Jeff Nathan <jeff () snort org>
Date: Sat, 28 Jun 2003 17:48:58 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 When replying to digest messages, please trim the message body to contain only the message you're replying to. Otherwise, your message contains the entire digest and is unnecessarily large. - -Jeff - --On Friday, June 27, 2003 21:25 -0500 Christian Tortorich <ctorto1 () lsu edu> wrote:
I have recently installed snort with snortcenter and the ACID management console on a dual pIII 500 system with a gig of ram and pretty good network cards (Intel gigabit and 100 Mb). The box is acting as a bridge and im filtering the incoming traffic with IPCHAINS. Im interested in both whats going on on the inside (!) and the outside of my network. This is an excellent tool. I have 2 quick questions 1) When snort reports that packets are dropped, should I take that to mean that they are dropped on the floor or just that Snort couldt look at them fast enough so it skipped them? I want to montior traffic, but not at the expense of packet loss. 2)I have a LAN on one side of this box with about 100 clients and a connection to a gig E backbone on the other side. Is my snort box configuration reasonable? Should I be droppping packets consistently? Regards Chris Tortorich ctorto1atlsudotedu
- -- http://cerberus.sourcefire.com/~jeff (gpg key available) Great spirits have always encountered violent opposition from mediocre minds. - - Albert Einstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin) iD8DBQE+/jd+Eqr8+Gkj0/0RAkUlAJ0QwJNPQsCsp4z+H8B4sEMSOqKGFACgol3E n0zBE4PGjwNDlryQNnS1IfY= =STxj -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Snort-users digest, Vol 1 #3309 - 9 msgs Christian Tortorich (Jun 27)
- Re: RE: Snort-users digest, Vol 1 #3309 - 9 msgs Erek Adams (Jun 27)
- Re: RE: Snort-users digest, Vol 1 #3309 - 9 msgs Rich Adamson (Jun 28)
- Re: RE: Snort-users digest, Vol 1 #3309 - 9 msgs Jeff Nathan (Jun 28)
- Re: RE: Snort-users digest, Vol 1 #3309 - 9 msgs Erek Adams (Jun 27)