Snort mailing list archives
Re: uses of multiple sensors
From: "sunzi" <sunzi () mod-x co uk>
Date: Thu, 20 Mar 2003 07:32:04 -0500
Bishan, I use multiple sensors to break up my rulesets according to the systems(s) there protecting. I've been known to create a single node for network-centric attacks, and others for rules directly affecting various operating systems in the LAN. Also, on the actual systems that I run snort (some are physically located on critical servers) I use it to drasticly lighten the load of the sensor in question. For example, on Web servers, I am known to run multiple instances of snort, a primary that is only concerned about port 80, one that looks at everythign else according to O/S, and one that I have ready to go to sniff 100% of traffic from a subnet on that machine. I also have a tendancy to use a highly restricted ruleset and couple it with BlackIce for my Win32 Servers to provide auto-blockage for a limited ruleset of y choosing. It may seem kinda drastic, or even crazy, but it's flexible, and still light on memory when tweaked well. I've been able to easily run upwards of 10 snort nodes on a production Web server that was getting well over 200 concurrant users, and has been known to get 500+. hth, sunzi ----- Original Message ----- From: "Always Bishan" <bishan4u () yahoo co uk> To: <snort-users () lists sourceforge net> Sent: Thursday, March 20, 2003 6:30 AM Subject: [Snort-users] uses of multiple sensors
hi snorters, i have 2 snort sensors in my network. one use that i can make out of having multiple sensors is for load balancing, that is , i can put it to watch small networks and thus reduce the load on every instance. i think it would be quite beneficial for all of us, if some snort greats present here can enlighten us more on *uses of having multiple sensors* this will definitely help all a lot of us, now and in future. Thanx in advance. Bishan __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com ------------------------------------------------------- This SF.net email is sponsored by: Tablet PC. Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for? http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.net email is sponsored by: Tablet PC. Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for? http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- uses of multiple sensors Always Bishan (Mar 20)
- Re: uses of multiple sensors sunzi (Mar 20)
- <Possible follow-ups>
- Re: uses of multiple sensors JP Vossen (Mar 26)