Snort mailing list archives

Previous By Date Next
Previous By Thread Next

AW: Question on Howto setup a snort sensor in front of firewall

From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 13 Feb 2002 07:10:21 +0100
Oliver,

you might also take a look at
http://www.lug-burghausen.org/projects/index.html#snort-stat.

Viel Spaß,
Sandro



-----Ursprüngliche Nachricht-----
Von: "Dörr, Oliver" [mailto:Oliver.Doerr () priacon com]
Gesendet: Dienstag, 12. Februar 2002 21:02
An: 'snort-users () lists sourceforge net'
Betreff: AW: [Snort-users] Question on Howto setup a snort sensor in
front of firewall


hello Chris ... thank you, i just try to setup linux without 
a ip adress.
Lets see how it works. I am a "newbie" in ids and linux and 
so it takes a
while to get all running. Oliver

-----Ursprüngliche Nachricht-----
Von: Chris Green [mailto:cmg () uab edu]
Gesendet: Dienstag, 12. Februar 2002 20:57
An: Dörr, Oliver
Cc: 'snort-users () lists sourceforge net'
Betreff: Re: [Snort-users] Question on Howto setup a snort sensor in
front of firewall


"Dörr, Oliver" <Oliver.Doerr () priacon com> writes:


Hello all
I have a general question about setting up a snort sensor 

systems. When I

place the sensor in front of the firewall, it will make 

this system very

vunerable against attacks. Although I would like to analyze 

the data in

realtime. How can i setup such a system without 

compromising my security

issues? Would it make sense to setup a system with snort, firewall,

database

and analyze engine or is it more usefull to transfer the 

data (and how?)
to

a internal system for analyzing ? 


You should have 2 network interfaces.  One is in promiscuous mode with
no ip on the sensor interface and a management interface that is
attached to whereever you will analyze events from.
-- 
Chris Green <cmg () uab edu>
To err is human, to moo bovine.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: