Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: snort question

From: "Blair Woodmansee" <Blair () calcasieu lib la us>
Date: Fri, 18 Feb 2005 14:20:29 -0600

I prefer to set mine up in between my firewall and my LAN.  This way you
are gaining information on only traffic that has made it through the
filtering.  No sense gathering information on attacks that your firewall
can stop.
Blair Woodmansee MCSE, CCNA
System Administrator
Calcasieu Parish Public Library
(337) 437-3484 ext. 19
(337) 437-3652 Fax
 
 
"The single biggest problem in communication is the illusion that it has
taken place"    George Bernard Shaw
-----Original Message-----
From: Harper, Patrick [mailto:Patrick.Harper () phns com] 
Sent: Friday, February 18, 2005 2:00 PM
To: Jason Warren; snort-users () lists sourceforge net
Subject: RE: [Snort-users] snort question

You are going to get a lot of answers.  

I like an inline tap between the switch an the router.  In my opinion
you see the most amount of relevant data that way.  You will also want
to make sure that you tune your rules well to et rid of noise that makes
no difference to you or you will get tired of looking a the IDS real
fast.

Just my .02

-----Original Message-----
From: Jason Warren [mailto:jason () zotzdigital com] 
Sent: Friday, February 18, 2005 1:48 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort question

Curious on where snort would do its job better.


t1 - switch - web server
              dns server
               firewall - LAN

should i put snort on a box that has its own IP or on my LAN behind the 
firewall?

thanks!


jason warren


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure,
dissemination, use or reproduction is strictly prohibited. If you have
received this message in error, please delete it and notify the sender
immediately. 





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: