Snort mailing list archives
Re: Recommended hardware for running snort in packet logging mode on home network proxy?
From: Greg Williams <gwillia5 () uccs edu>
Date: Sat, 23 Mar 2013 14:40:05 +0000
For home I use a customized version of Security Onion on a Core 2 Duo with 2 GB of RAM. The machine runs as a router for my ISP as well, so the modem is set to bridged mode. I have 2 NICs in it, one incoming from the modem, the other one bridged to the PPP connection going to my wireless router, and the wireless router goes into another switch for my wired ports around the house. Works perfectly, so there is essentially no way to bypass my connection.

I also have it logging Snort/Bro information to Splunk so I have non-repudiation built into the logging system. By default Security Onion runs Bro IDS and Snort; Bro logs all DNS and HTTP requests and those logs go into Splunk as well. Splunk sends me at midnight each night a report of all firewall hits off the computer. Also I use OpenDNS to stop accidental "blocked" site DNS requests.

I wrote scripts to start everything up automatically so if the power goes out I don't have to come home and start up the PPP connection and firewall bridge manually.

Greg Williams
IT Security Principal
University of Colorado at Colorado Springs

________________________________________
From: Mike Miller [mike () millertwinracing com]
Sent: Friday, March 22, 2013 8:02 PM
To: John Michael Kane
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Recommended hardware for running snort in packet logging mode on home network proxy?

Netgear makes a managed switch that'll mirror traffic. It's not expensive; look for a GS105e (specifically... there are other similar ones that are NOT managed). It'll be about $70 and has enough ports to monitor two segments (inside and DMZ in my case).

And anything Pentium 4 or newer oughta handle home traffic.

On Mar 22, 2013, at 6:35 PM, John Michael Kane <johnmkane05 () gmail com> wrote:
Guys,

I want to position a squid proxy in between my home PCs and my ISP-supplied broadband modem/router, probably running some version of Debian.

What would be the recommended hardware spec for running this with snort in packet-logging (to file) mode (and does the IDS functionality still work while packet logging is enabled?), bearing in mind it's just a home network with about 7-8 devices max connecting at any one time.

Also, would I experience much of an increase in latency on my connected devices by adding this extra hop? Most demanding network activity would probably be HD streaming between a DLNA server and client machine.

Also, I'd probably want to allow both wired and WiFi connections into this proxy from the PCs (with a single outgoing wired connection direct to the modem). Can snort monitor two incoming network adapters, one WiFi, one ethernet? Or it could just monitor the outgoing ethernet connection, I guess?

Thanks for any pointers in the above three areas.

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!