Snort mailing list archives

Re: snort sensor on virtual machine...[?]


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Wed, 11 Apr 2012 10:29:29 -0600

Hi,

I can tell you that I am running Snort sensors (in IDS mode) on a VMware system and it is working great.  I don't have 
tons of traffic though, generally around 200 MB/s max.



-----Original Message-----
From: Corbin Fletcher [mailto:corbin () freeway com] 
Sent: Wednesday, April 11, 2012 8:22 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort sensor on virtual machine...[?]

Greetings Snort community,

I am a member of a small team who operates a data center. Our company provides VoIP services for corporations. We 
utilize primarily open-source applications. We run Debian and CentOS, FreeSwitch, OpenSIP, MySQL, Elastix, FreePBX, 
Proxmox, etc.

We receive a good number of SIP brute force attacks, and other security breaches on our network. And this is the reason 
for my email.

As a team we have agreed to implement a Snort sensor as a NIDS. We are currently not running any IDS and we rely on 
analyzing logs to be alerted to our network attacks.

I would like to install a Snort sensor at the edge of our network on its own dedicated machine and have it sniff all 
network traffic.

Another team member wants to run Snort on a Proxmox cluster in a virtual environment.

Can anyone advise about the pros and cons for each approach?

Or, could someone please advise on best practices for implementing a Snort sensor on our network?

Thanks in advance.

~Corbin


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second 
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

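Corbin's stated goal is to get Snort alerting on the SIP brute-force traffic the team currently only finds in logs. The following local rules are an added example, not part of this thread or of the Snort distribution: they assume SIP is carried on UDP/5060, that `$HOME_NET` and `$EXTERNAL_NET` are defined in snort.conf as usual, and that the counts, windows and the sids (in the 1000000+ local range) are placeholder values to be tuned against the site's real registration rate.

```snort
# local.rules -- added example for SIP brute-force detection (not from the thread)
# Rule 1: many REGISTER requests from one external source in a short window.
# detection_filter suppresses the alert until the threshold is crossed, so a
# handset registering normally does not fire it. count/seconds are assumptions.
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 ( \
    msg:"LOCAL SIP REGISTER flood from single source (possible brute force)"; \
    content:"REGISTER"; depth:8; nocase; \
    detection_filter:track by_src, count 30, seconds 60; \
    classtype:attempted-recon; sid:1000001; rev:1; )

# Rule 2: the same attack seen from the server side -- a burst of
# 401 Unauthorized / 403 Forbidden responses sent back to one peer.
# Tracking by_dst groups the responses by the attacker's address.
alert udp $HOME_NET 5060 -> $EXTERNAL_NET any ( \
    msg:"LOCAL SIP auth failure burst to single peer (possible brute force)"; \
    pcre:"/^SIP\/2\.0 40[13] /"; \
    detection_filter:track by_dst, count 20, seconds 60; \
    classtype:attempted-user; sid:1000002; rev:1; )
```

Rule 1 catches the attempts regardless of outcome; rule 2 only fires on failures, so a run of rule 2 alerts with no matching rule 1 alerts would point at a legitimate but misconfigured client rather than an attacker. Whichever deployment the team picks, the sensor only sees this traffic if the SIP segment is actually mirrored to it (a SPAN/mirror port on the edge switch, or a promiscuous-capable bridge/vNIC in the Proxmox case), so verify with a short tcpdump on the sensor interface before trusting the absence of alerts.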
