Multiple instances of Snort

[Micheal Cottingham <micheal.cottingham () sv vccs edu>]

In short, here's what I'd like to do:

I am a security technician for a college, and the college runs a public 
cyber cafe. We also offer wireless access. One of the problems is that 
there is little auditing in place for the wireless users. I'd like to 
setup IAS (I have to use Windows, otherwise I'd use freeradius.org), but 
there is no "nice" frontend for IAS. I'm thinking I could use MySQL and 
PHP and exec() IAS's command line options since IAS does not yet have 
scripting support. Here's where Snort would come in. Snort would log the 
packets coming to and from a user, and if something fires a filter in 
Snort, it would alert the cyber cafe monitor, and based on the 
severity/number of alerts for the user, the cyber cafe monitor could 
kill the session for the user. So, I'd like to fork Snort for each user. 
I don't expect more than say 5 wireless users at a time, but of course 
the more that I can get the application and Snort to scale, the better. 
My question is how well would Snort handle in such an environment with 
regards to resources, or is something like this even possible currently? 
Thanks.

_____________________________________
Micheal Cottingham, Comptia A+
micheal.cottingham () sv vccs edu
1-434-949-1078



-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users