Snort mailing list archives
AW: (Snort-users) Correct setup
From: <sandro.poppi () wacker com>
Date: Fri, 02 Nov 2001 09:05:00 +0100
I want to monitor with a snort sensor the traffic that comes through our firewall. In order to do so I connected the snort machine to the LAN switch and configured the switch to mirror all traffic from the LAN firewall NIC to the snort sensor port. Is that a correct way to figure out what comes through the firewall and reaches the LAN network?
Doing so does work well for me. But remember to secure the snort machine as much as possible, because when the box is compromised there may be a "workaround" for the firewall! No IP for the "snorted" interface, use a receive only cable (see the FAQ 3.1 for that) but be warned: It may not work with a switch!
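A check for the "no IP on the sniffing interface" advice above, as an added example that is not part of the original message. It assumes a Linux sensor with iproute2, whose `ip -o addr show` output is parsed from stdin; the interface names and the sample output are constructed.

```shell
#!/bin/sh
# Audit a sniffing interface: it should carry no IPv4 or IPv6 address.
# Input is `ip -o addr show` output on stdin, so the check also runs offline.
# On a live sensor (eth1 is an assumed interface name):
#   ip -o addr show | iface_is_stealth eth1

# Print every address bound to interface $1, one "family address" per line.
addrs_on_iface() {
    awk -v ifc="$1" '
        # ip -o layout: "<index>: <ifname> <family> <address/prefix> ..."
        $2 == ifc && ($3 == "inet" || $3 == "inet6") { print $3, $4 }
    '
}

# Return 0 if interface $1 has no address at all, 1 otherwise.
iface_is_stealth() {
    found=$(addrs_on_iface "$1")
    if [ -n "$found" ]; then
        echo "FAIL: $1 has addresses:" >&2
        echo "$found" | sed 's/^/  /' >&2
        return 1
    fi
    echo "OK: $1 has no IP address" >&2
    return 0
}

# Constructed sample: eth0 is the management NIC, eth1 the mirror-port NIC.
# eth1 has no IPv4 address but picked up an IPv6 link-local one when it was
# brought up, so it is still addressable from the monitored segment.
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link'
```

An interface with no addresses does not appear in `ip -o addr show` at all, so a mistyped interface name also reports OK; confirm the name with `ip link show` first.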