Re: Snort Deployment

[Joe Pampel <jpampel () paladyne com>]

If your budget allows, the most flexible solution is a tap. Otherwise
if you have a switch outside the firewall see if it supports span
ports. You would span the port which represents the traffic you are
trying to watch.
  You need a snort sensor with 2 interfaces (min) one is ip'd and for
management, the other is unnumbered and will connect to the span port.

There are other ways, but there are two to get you started.

Joe



On May 3, 2010, at 4:38 AM, "Kum Weng Luey" <kumwengluey () gmail com>
wrote:

> Hi guys,
>
> I have been trying out snort for quite some time now and it works
> great. I do want to try implementing snort in a live environment but
> am kinda clueless how. I want to sniff for traffic before it hits
> the firewall and enters the internal network. What would be the most
> optimal setup for the PC and how many interfaces do I need?
>
> Hope to get some advice. Thanks a lot.
>
> Regards,
> KW
> <ATT00001..txt>
> <ATT00002..txt>

The information contained in this correspondence is intended solely for the person or entity entitled to receive the 
confidential and/or privileged material that it may contain. Any review, retransmission, dissemination or other use of, 
or taking of any action in reliance upon, the information in this correspondence (including any attachments) by anyone 
other than the intended recipient is strictly prohibited. If you believe that you may not be the intended recipient, 
please destroy and/or delete this correspondence and the attachment(s).

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users