Security Basics mailing list archives
Re: Snort and ADSL
From: James Fryman <jfryman () gmail com>
Date: Fri, 24 Mar 2006 15:36:26 -0500
Mike, Two options. 1) Get yourself a passive ethernet tap. These can be made cheaply or bought for some $$. Keep in mind, good taps are not cheap. 2) Grab a cheap dummy hub, and stick it inbetween your Netscreen and your DSL modem. Stick your snort box in promiscuous mode, and snort away! I would create yourself a listening Cat5 cable on Internet NIC segment to prevent any outgoing traffic on your listening port back to the Internet. Some good documents exist on the Snort website to get you started: http://www.snort.org/docs/#deploy Good luck. -James Mike Gilligan wrote:
Hi list. I have a Netscreen 5GT ADSL FW at my home with two interfaces - inside and outside. I do have a basic set of IDS sigs on the Netscreen but I would like to set up a Snort sensor outside the Firewall to look at unblocked alerts. However, I only have an RJ11 telephone cable to my ADSL port on the Netscreen and no where to plug in a Snort sensor. I could plug it in on the inside but I miss a lot of the traffic already dropped. I know that some SOHO Firewalls like the Linksys ones let you run Snort on the box itself but this isn't an option for me. Could anyone suggest a feasible solution? thanks. _________________________________________________________________ Get an advanced look at the new version of MSN Messenger. http://messenger.msn.com.sg/Beta/Default.aspx --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
-- ------------------------- James Fryman email : jfryman () gmail com Cell : 757.812.3126 GnuPG : 0xDAE2C750 "Users are encouraged to engage in the application of a Nerf Bat, or a more sophisticated LART, if needed, to correct the behavioral vector of this attack. " - Bill Nash / Bugtraq Mailing List Preventing PHP Session Hijacking within a Home LAN Segment --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Snort and ADSL Mike Gilligan (Mar 24)
- Re: Snort and ADSL James Fryman (Mar 27)
- Re: Snort and ADSL Mike Gilligan (Mar 27)
- Re: Snort and ADSL Adam Botsford (Mar 28)
- Re: Snort and ADSL Mike Gilligan (Mar 27)
- Re: Snort and ADSL Gaddis, Jeremy L. (Mar 27)
- Re: Snort and ADSL Paul Johnson (Mar 28)
- Re: Snort and ADSL NiTRo (Mar 29)
- Re: Snort and ADSL Paul Johnson (Mar 28)
- Re: Snort and ADSL James Fryman (Mar 27)