Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Preferrable location?

From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 19 Nov 2001 22:23:19 -0800 (PST)
On Mon, 19 Nov 2001, Ronneil Camara wrote:


a) Where would be the preferrable location of snort box on a network
with firewall (internal, dmz)? Do I need more than 1 snort?


http://www.snort.org/docs/faq.html#2.3


b) What would be the advantage of having 2 nics on a snort box?


Setup one as a 'stealth' interface, and the second as a management NIC.

http://www.snort.org/docs/faq.html#3.1


c) What o.s. is recommended for snort?


Ummm...  Not Linux.  ;-)  Seriously, look at one of the BSD variants.  IIRC,
most development is done under FreeBSD or OpenBSD.  IMHO, Linux isn't
standardized enough across the board for something this critical.  [Sorry, I'm
a Solaris Bigot. ;-) ]  Some folks are getting good use out of Linux based
sensors, though!  (See Abe Getchell's postings to snort-devlopers...]  Short
Answer:  Use what you know.  Long Answer:  Use the simplest first, then expand
to what works the best.  Now, as to what works best....  That's another game!

Hope this helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: