Snort mailing list archives
RE: ideal setup
From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Wed, 07 Aug 2002 15:09:52 -0700
Then (if snort doesn't have this already) maybe snort should be used in non-promiscuous mode if it is run from the firewall because all the traffic destined for your network has to go through the firewall. -----Original Message----- From: Keith Young [mailto:kyoung () v-one com] Sent: Wednesday, August 07, 2002 2:29 PM To: robert () support4linux com Cc: quentyn () fotango com; snort-users () lists sourceforge net Subject: Re: [Snort-users] ideal setup Robert Cole wrote:
Ok lets go for a not so dream setup. How about snort running on the
firewall
machine and sending its logs to a syslog server. That a decent setup if
the
syslog server is heavily protected as well?
Robert, I wouldn't run Snort on the firewall for two reasons: * Snort will put the interfaces into promiscuous mode * running extra services usually isn't a good idea What about running a Snort box outside and a Snort box inside which sends log data to the syslog server in the DMZ? -- -- --Keith Young -kyoung () v-one com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ideal setup Robert Cole (Aug 07)
- Re: ideal setup quentyn (Aug 07)
- Re: ideal setup Robert Cole (Aug 07)
- Re: ideal setup Keith Young (Aug 07)
- Re: ideal setup Robert Cole (Aug 07)
- Re: ideal setup Robert Cole (Aug 07)
- Re: ideal setup quentyn (Aug 07)
- <Possible follow-ups>
- RE: ideal setup Kevin Brown (Aug 07)
- Re: ideal setup Keith Young (Aug 07)
- RE: ideal setup twig les (Aug 09)
- RE: ideal setup Kevin Brown (Aug 08)