Snort mailing list archives
Re: Placement of Snort IDS
From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 14 Apr 2002 19:05:34 -0700 (PDT)
On Thu, 11 Apr 2002, [iso-8859-1] Kenny D wrote:
I need to know where exactly snort is placed in a switched network. Is it setup with port mirroring or in such a way that its a default gateway and all traffic passes through?
Well... It depends. You might configure it either way. It all depends upon your network and how/what you want to do with snort.
Someone told me snort can drop packets based on the rules but i thought it just logged packets when they satisy rules as opposed to dropping them. I have set it up with the firewall port mirroring to snort, is this correct
You might be thinking of Hogwash.
http://hogwash.sourceforge.net/
Cheers!
-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Placement of Snort IDS Kenny D (Apr 10)
- <Possible follow-ups>
- RE: Placement of Snort IDS Sheahan, Paul (PCLN-NW) (Apr 10)
- Gigabit snort? Michael Cunningham (Apr 10)
- Re: Gigabit snort? Frank Knobbe (Apr 13)
- Re: Gigabit snort? Jeff Nathan (Apr 17)
- Gigabit snort? Michael Cunningham (Apr 10)
- Placement of Snort IDS Kenny D (Apr 14)
- Re: Placement of Snort IDS Erek Adams (Apr 14)