Snort mailing list archives
Re: router installation?
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Tue, 05 Oct 2004 04:18:13 +1300
Jason wrote:
Once you have logging figured out you have many options on how to actually configure Snort. You can run multiple instances or have Snort monitor the virtual interface "any". If this were not a firewall then interface bonding might be appropriate to enable selective interface monitoring with a single instance of Snort.
I don't think bonding "disables" using the "raw" Ethernet cards at the same time(?). That could indeed be a usable option (depending on load of course). Bond all the Ethernet cards as "bond0" and monitor that with snort whilst the firewall part carries on doing it's job with the "raw" eth* interfaces.
I would suggest specifically installing firewall rules disabling any OUT/FORWARD traffic to bond0 - just to be on the safe side...
Jason ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- router installation? Magnus Ternström (Oct 03)
- Re: router installation? Jason (Oct 03)
- Re: router installation? Jason Haar (Oct 04)
- Re: router installation? Jason (Oct 04)
- Re: router installation? Alex Butcher, ISC/ISYS (Oct 05)
- Re: router installation? Jason Haar (Oct 04)
- Re: router installation? Jose Maria Lopez (Oct 04)
- Re: router installation? Jason (Oct 03)