Snort mailing list archives
RE: Snort Sensor Placement Outside Firewall
From: Erek Adams <erek () snort org>
Date: Thu, 26 Jun 2003 09:51:25 -0400 (EDT)
On Wed, 25 Jun 2003, Michael Steele wrote:
> You forgot to mention the time that may be involved in sorting through the massive amount of data with a sensor on the outside.
More like "didn't mention" vs. "forgot". Usually unless someone is just feeling masochistic, the information overload from outside the firewall is usually changed/toned down ASAP.
> What could be some of the possibilities that make that scenario a possible solution, when the IDS could or should in most cases be placed on the near side of the firewall?
http://www.theadamsfamily.net/~erek/snort/ids_placement.txt

That one has been beaten to death so many times it's not even funny. You can place it before or after the FW, but I think that's a choice that has to be made after testing. I don't think there is a hard and fast answer to 'where?'. You're going to almost always have to test/retest to check out how it works and how you want to handle it.

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson