Security Basics mailing list archives
Re: Passive Snort Setup
From: Ray Van Dolson <rvandolson () esri com>
Date: Thu, 19 Feb 2009 19:46:51 -0800
On Thu, Feb 19, 2009 at 04:19:08PM -0800, Daniel Hood wrote:
Is it possible to set up a Snort IDS system with a topology like this: hosts > switch > Snort-IDS > Router But, have no ip address on either interface of the snort box and it just forward packets through after checking them for malicious activity? I don't want the snort box to do NAT or be the default gateway, I just want it to passively be there. Daniel
You could use the span port option on your managed switch, or, set up a network tap between your switch and its uplink to the router. The snort documentation page on their site has extensive information on network taps (you can buy them or build them). Ray
Current thread:
- Passive Snort Setup Daniel Hood (Feb 19)
- Re: Passive Snort Setup Ivan . (Feb 19)
- Re: Passive Snort Setup Ray Van Dolson (Feb 19)
- Message not available
- Fwd: Passive Snort Setup Daniel Hood (Feb 20)
- RE: Passive Snort Setup Gould, Scott (Feb 20)
- Message not available
- Re: Passive Snort Setup Javier Reyna (Feb 19)
- RE: Passive Snort Setup Jeremi Gosney (Feb 20)
- Re: Passive Snort Setup Michal Purzynski (Feb 20)