Re: router installation?

[Jason Haar <Jason.Haar () trimble co nz>]

Jason wrote:

> Once you have logging figured out you have many options on how to 
> actually configure Snort. You can run multiple instances or have Snort 
> monitor the virtual interface "any". If this were not a firewall then 
> interface bonding might be appropriate to enable selective interface 
> monitoring with a single instance of Snort.


I don't think bonding "disables" using the "raw" Ethernet cards at the 
same time(?). That could indeed be a usable option (depending on load of 
course). Bond all the Ethernet cards as "bond0" and monitor that with 
snort whilst the firewall part carries on doing it's job with the "raw" 
eth* interfaces.

I would suggest specifically installing firewall rules disabling any 
OUT/FORWARD traffic to bond0 - just to be on the safe side...

Jason




-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users