Snort mailing list archives

RE: firewalling snort machine


From: "Sean T. Ballard" <stballard () 4glschools com>
Date: Thu, 21 Feb 2002 11:36:44 -0500

Here's how I do it. Have 2 nics in it, one public, one private. Unbind
tcpip off the public interface and just have the card in promisc mode.
Then on your private interface set up an IP so you can check the logs.
This way no internet traffic can connect to the IDS but it still logs
everything. (Make sure if you're plugging the IDS into a switch that the
ports are mirrored to the port the IDS's public interface is in.)
 
-Sean

-----Original Message-----
From: Basil Saragoza [mailto:snortlst () hotmail com]
Sent: Thursday, February 21, 2002 10:56 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] firewalling snort machine


I have a snort machine exposed to the internet (connected to our
internet switch, it monitors traffic coming to the firewall public nic).
Is it safe to install a firewall on the snort machine and disable ALL incoming
traffic to the snort machine from the internet? Will it affect snort
functionality?
(My guess would be it won't, 'cause snort sniffs packets from the switch
and it is not dependent on internet connectivity, but I just want to
make sure that my guess is correct.)
thx.
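As an added example (not code from this thread), the POSIX shell script below checks a sniffing interface for the state Sean describes (no IP bound, card in promiscuous mode) by parsing `ip -br addr show` / `ip -br link show` output, and prints a minimal iptables ruleset for the management NIC along the lines Basil asks about. The interface names (eth0 sniffing, eth1 management), the admin network and the sample `ip` output are assumptions.

```shell
#!/bin/sh
# Added example, not part of the thread: audit a two-NIC Snort sensor.
# Interface names (eth0 = sniffing, eth1 = management), the admin network
# and the sample `ip` output below are constructed assumptions.

# has_no_ip IFACE "ADDR_OUTPUT": succeed if IFACE shows no address in
# `ip -br addr show` output (its line carries only name and state).
has_no_ip() {
  printf '%s\n' "$2" | awk -v i="$1" '$1 == i && NF > 2 { bad = 1 } END { exit bad ? 1 : 0 }'
}

# is_promisc IFACE "LINK_OUTPUT": succeed if the flag list at the end of
# the `ip -br link show` line for IFACE contains PROMISC.
is_promisc() {
  printf '%s\n' "$2" | awk -v i="$1" '$1 == i && $NF ~ /PROMISC/ { ok = 1 } END { exit ok ? 0 : 1 }'
}

# sniff_iface_status IFACE ADDR_OUTPUT LINK_OUTPUT: prints "stealth" when
# the interface has no IP and is promiscuous, otherwise what is wrong.
sniff_iface_status() {
  status=""
  has_no_ip "$1" "$2" || status="has-ip"
  is_promisc "$1" "$3" || status="${status:+$status,}no-promisc"
  printf '%s\n' "${status:-stealth}"
}

# mgmt_firewall_rules MGMT_IFACE ADMIN_CIDR: prints an iptables ruleset that
# drops everything inbound except SSH from the admin network on the
# management NIC. The sniffing NIC has no stack bound, so it needs no rule.
mgmt_firewall_rules() {
  cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $1 -s $2 -p tcp --dport 22 -m state --state NEW -j ACCEPT
EOF
}

# Constructed sample output from a sensor set up the way Sean describes.
ADDR_OUT='lo               UNKNOWN        127.0.0.1/8
eth0             UP
eth1             UP             10.0.0.5/24'
LINK_OUT='lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
eth0             UP             00:11:22:33:44:55 <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP>
eth1             UP             00:11:22:33:44:56 <BROADCAST,MULTICAST,UP,LOWER_UP>'

sniff_iface_status eth0 "$ADDR_OUT" "$LINK_OUT"   # stealth
sniff_iface_status eth1 "$ADDR_OUT" "$LINK_OUT"   # has-ip,no-promisc
```

On a live sensor, replace the two constants with `"$(ip -br addr show)"` and `"$(ip -br link show)"` and run the check after boot to confirm the sniffing card never picked up an address.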
