Snort mailing list archives

Previous By Date Next
Previous By Thread Next

AW: (Snort-users) Correct setup

From: <sandro.poppi () wacker com>
Date: Fri, 02 Nov 2001 09:05:00 +0100
I want to monitor with snort sensor traffic that comes
through or firewall.
In order to do so I connected snort machine to the lan switch
and configured
switch to mirror all traffic from the lan firewall nic to
snort sensor port.
Is that a correct way to figure out what comes through
firewall and reaches
the lan network?


Doing so does work well for me. But remember to secure the snort machine as much
as possible, because when the box is compromised there may be a "workaround" for
the firewall!

No IP for the "snorted" interface, use a receive only cable (see the FAQ 3.1 for
that) but be warned: It may not work with a switch!


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: