Snort mailing list archives

Re: Best way to deploy snort


From: Glenn English <ghe () slsware com>
Date: Mon, 5 Apr 2010 20:02:49 -0600


On Apr 5, 2010, at 7:51 PM, Kum Weng Luey wrote:

> One last question: Would snort be better off being placed in the DMZ to sniff incoming traffic or within the internal
> LAN between the router and the firewall?

I'm in the midst of building a Linux WAN/DMZ/LAN packet-filter/IDP/router box. I'm currently planning to run Snort on it in inline mode, with feedback (from some rules) to the packet-filter.

Inline, on the grounds that I really don't care that much if there are attacks on the net, if they aren't getting through the packet-filter (and to save a few CPU cycles).

-- 
Glenn English
ghe () slsware com



