Snort mailing list archives

RE: snort question


From: "Jim Hendrick" <jrhendri () maine rr com>
Date: Sat, 19 Feb 2005 17:24:04 -0500

One thing I must comment on from your first posting is that you seem to have
no firewall between your servers and the Internet. You really would be
better addressing this before you worry about installing snort *anywhere*.

That said, a tap simply lets you see everything that goes through it.
It acts *similarly* to a (true) hub, except it also shows illegal signals on
the wire that would not show up with (either) a hub or a switch (both a hub
and switch can only transmit protocols they understand, so signals outside
their ability to understand never will show up).

A tap is nice if you can afford it, but depending on the bandwidth to the
Internet, you might be able to use a hub there (to save money).

But please, address the firewall issue first. Does your current one have a
3rd interface? If not, you should look into getting one that does (if budget
is a problem, look into a Linux box w/ 3 NICs to replace your existing
firewall).

And (soon) you need to start talking to your management about Internet
access (not sure how big a company you are, but anyone surfing porn at work
can get you sued). Worse yet, now that you are aware of it, you are
responsible for bringing this to management or this can be used as
implicitly allowing it. It may simply need to be a formal policy and putting
the employees on notice to "behave themselves", but you need to get it
addressed before you have a harassment (or other) problem.

Jim


 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Warren
Sent: Friday, February 18, 2005 11:34 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort question


Mainly detection of break-in attempts, bad logins, etc. We are a small
business so I do not really care about what is going out. (Unfortunately
our sales guy already showed me the porn he looks up.....)

Question on one of those taps I was apparently offered "a sweet deal"
on. Does that allow me to monitor my LAN and my servers that are
outside the FW? I am not familiar with those devices.

thanks!

tony cowling wrote:
Hi Jason.
What are you trying to achieve?

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Warren
Sent: Friday, February 18, 2005 2:48 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort question

Curious on where snort would do its job better.


t1 - switch - web server
              dns server
              firewall - LAN

Should I put snort on a box that has its own IP or on my LAN behind
the firewall?

thanks!


jason warren


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real 
users. Discover which products truly live up to the hype. Start 
reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: 
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: 
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
Jason Warren
IT Manager/Customer Relations
Zotz Digital - Apple Pro Video/Audio Reseller
541.472.9522 - http://www.zotzdigital.com
------------------------------------------------------
Join the Zotz Discussion List.
email: zotz-list-request () zotzdigital com with the word 'subscribe' in the
email body.



