Snort mailing list archives

Re: Place to install Snort


From: Minh Trung <mvtrung27 () gmail com>
Date: Sat, 24 Jan 2015 08:17:45 +0700

Hi,

I think I want Snort to detect and alert; also block is better, but I already
have a firewall.

You mean VMware needs to connect directly to the router via wire?

So what does the configuration on the router look like?

Any help is appreciated,

On 24 January 2015 at 02:27, waldo kitty <wkitty42 () windstream net> wrote:

On 1/22/2015 11:43 PM, Minh Trung wrote:
[...]

Is it possible to place Snort on VMware? Which spec do I need to
configure for this machine? I want to capture all from the router; how do I
configure Snort to listen to everything on the router, and what does the
router configuration look like?
Any suggestions, please let me know.

you probably really want to put your sensor as close to the router if you want
it to sniff all the traffic the router sees... perhaps an inline configuration
where the traffic passes from the router through the sensor... if not set there
in inline mode, then hung off of there to sniff the traffic as it passes by...

but you can probably also use a dedicated nic in the vm machine for snort to use
and have that wired to a span or mirror port from the router...

there are numerous ways but which you choose depends on what you want snort to
do for your environment... do you want it to just detect and alert? do you want
it to detect, alert and block? there're more decisions but i'm not sure of any
design examples or drawings with the various layouts possible... this is
something you really need to study and consider the options for...

--
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
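
The two layouts discussed in this thread, a dedicated sensor NIC fed by a span/mirror port versus an inline sensor that traffic passes through, as an added example that is not part of the original messages. The interface names eth1/eth2 and the snort.conf path are assumptions; the Snort 2.9.x options used are -i, -c, -A, -Q and --daq afpacket.

```shell
#!/bin/sh
# Added example: prepare a dedicated sensor NIC and start Snort 2.9.x either
# passively (span/mirror port) or inline (bridging two NICs).
# Assumed names: eth1/eth2 and /etc/snort/snort.conf are placeholders.
# Commands are only printed unless DRY_RUN=0 is set in the environment.
DRY_RUN="${DRY_RUN:-1}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# A sniffing interface carries no IP address, accepts frames not addressed to
# it, and has GRO/LRO off so Snort sees packets as they were on the wire.
prep_iface() {
    run ip addr flush dev "$1"
    run ethtool -K "$1" gro off lro off
    run ip link set dev "$1" up promisc on
}

# Detect and alert only: the NIC is fed by the router/switch mirror port.
# In a VMware guest, the port group behind this NIC must also allow
# promiscuous mode, otherwise the vSwitch filters the mirrored frames.
passive_sensor() {
    prep_iface "$1"
    run snort -i "$1" -c "$SNORT_CONF" -A fast
}

# Detect, alert and block: traffic is bridged through Snort between two NICs
# (-Q with the afpacket DAQ); drop rules only take effect in this mode.
inline_sensor() {
    prep_iface "$1"
    prep_iface "$2"
    run snort -Q --daq afpacket -i "$1:$2" -c "$SNORT_CONF"
}

# Usage: script passive eth1   |   script inline eth1 eth2
case "${1:-}" in
    passive) passive_sensor "${2:?sniffing interface}" ;;
    inline)  inline_sensor "${2:?first interface}" "${3:?second interface}" ;;
esac
```

With an existing firewall doing the blocking, the passive layout is the smaller change: it needs only the mirror port and one extra NIC, and a sensor failure does not interrupt traffic.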
