Snort mailing list archives

RE: snort question

From: "Harper, Patrick" <Patrick.Harper () phns com>
Date: Fri, 18 Feb 2005 15:02:14 -0600
True, the scare factor can be a good thing around budget time :) 

-----Original Message-----
From: Ballard, Sean (HHS/OS) [mailto:Sean.Ballard () hhs gov] 
Sent: Friday, February 18, 2005 2:37 PM
To: Harper, Patrick; Blair Woodmansee; Jason Warren;
snort-users () lists sourceforge net
Subject: RE: [Snort-users] snort question

To play devils advocate to that response, getting a list of attacks
being
thrown at you via your internet NID is a great way to get the powers
that be
to loosen up some budget money for your security initiatives. Plus it is
also good to know internet attack trends that hit your address space. My
view is get as much information you can from all sources you can.


-----Original Message-----
From: Harper, Patrick [mailto:Patrick.Harper () phns com] 
Sent: Friday, February 18, 2005 3:26 PM
To: Blair Woodmansee; Jason Warren; snort-users () lists sourceforge net
Subject: RE: [Snort-users] snort question

I think we are saying the same thing.  I was talking internal firewall
interface and core switch :) 

-----Original Message-----
From: Blair Woodmansee [mailto:Blair () calcasieu lib la us] 
Sent: Friday, February 18, 2005 2:20 PM
To: Harper, Patrick; Jason Warren; snort-users () lists sourceforge net
Subject: RE: [Snort-users] snort question


I prefer to set mine up in between my firewall and my LAN.  This way you
are gaining information on only traffic that has made it through the
filtering.  No sense gathering information on attacks that your firewall
can stop.
Blair Woodmansee MCSE, CCNA
System Administrator
Calcasieu Parish Public Library
(337) 437-3484 ext. 19
(337) 437-3652 Fax
 
 
"The single biggest problem in communication is the illusion that it has
taken place"    George Bernard Shaw
-----Original Message-----
From: Harper, Patrick [mailto:Patrick.Harper () phns com] 
Sent: Friday, February 18, 2005 2:00 PM
To: Jason Warren; snort-users () lists sourceforge net
Subject: RE: [Snort-users] snort question

You are going to get a lot of answers.  

I like an inline tap between the switch an the router.  In my opinion
you see the most amount of relevant data that way.  You will also want
to make sure that you tune your rules well to et rid of noise that makes
no difference to you or you will get tired of looking a the IDS real
fast.

Just my .02

-----Original Message-----
From: Jason Warren [mailto:jason () zotzdigital com] 
Sent: Friday, February 18, 2005 1:48 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort question

Curious on where snort would do its job better.


t1 - switch - web server
              dns server
               firewall - LAN

should i put snort on a box that has its own IP or on my LAN behind the 
firewall?

thanks!


jason warren


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure,
dissemination, use or reproduction is strictly prohibited. If you have
received this message in error, please delete it and notify the sender
immediately. 





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users








Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure,
dissemination,
use or reproduction is strictly prohibited. If you have received this
message in error, please delete it and notify the sender immediately. 





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended 
recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by 
applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender immediately. 





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:

snort question Jason Warren (Feb 19)
- <Possible follow-ups>
- RE: snort question Harper, Patrick (Feb 19)
  - Re: snort question Jason Warren (Feb 19)
- RE: snort question Blair Woodmansee (Feb 19)
- RE: snort question Harper, Patrick (Feb 19)
- RE: snort question Ballard, Sean (HHS/OS) (Feb 19)
- RE: snort question Harper, Patrick (Feb 19)
- Re: snort question Jason Warren (Feb 19)
  - RE: snort question Patrick S. Harper (Feb 19)
  - RE: snort question tony cowling (Feb 19)
  - RE: snort question Jim Hendrick (Feb 19)