Snort mailing list archives

Re: running it all on 1 box....


From: twig les <twigles () yahoo com>
Date: Mon, 7 Jul 2003 13:26:19 -0700 (PDT)

IPFW is FreeBSD-specific, so you could get into trouble.  If you
use SSH port-forwarding or stunnel then you can just pick a
random high TCP port to ship data through the firewall.  Heck, you
can do that without the encryption.  Aside from that SQL
traffic, the database server shouldn't need to talk to *anyone*
in the DMZ/outside world.  We also use jump-off points in our
net, so most boxes are firewalled to only accept SSH from a few
different IPs, even on the inside.

So essentially we set up every layer as if the others don't
exist and then hope we are too annoying to penetrate :)

--- Scott Renna <srenna () d-a-s com> wrote:
Hello,

I'm still testing out Snort and its associated peripherals on a system
here at work, however, my problem is that my company doesn't seem to
want to spend money....ever.  Basically here's what I got going on.  I'm
running the demo system right now as a 266 with 64MB of RAM.

I'm wondering....how much am I going to actually be able to run on that
box, and have the system keep up with the work.  I've been running tests
and barnyard seems to be able to keep up with the alerts it receives
from snort (it takes it a few minutes to actually process through it all
and then write to the appropriate log files).  Is it a good idea to even
ATTEMPT to run PostgreSQL and Apache and ACID?

Also, I've read in many of the guides that it is preferred to run
the database on a separate system on the "inside".  While I can see this
would be a good idea (since if the Snort box got hacked the information
could be removed), it also opens up a door into the Internal Network.
What type of filtering and protection schemes have you all tried that
have a setup like this?  I would think IPFW would be the logical choice,
but would like some feedback.

Thanks,

Scott

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

*************************** 



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.       
-----------------------------------------------------------
