Snort mailing list archives
Re: Install location
From: Seth Art <sethart () gmail com>
Date: Fri, 14 Jan 2005 12:49:05 -0500
For Home use you should be perfectly fine installing snort on an existing client. I am running Fedora Core 3 at home with snort, ntop, apache, and an ftp server on a P3 500mhz machine and it seems to handle the load quite well. If you are not dealing with tons of traffic at home you should be fine with buying a hub(make sure it is a 100mb hub) and plug the wireless router and all your machines into the hub. So. Cable/DSL --> router/wireless router -> Hub. And then plug all your other computers into the hub as well. If you have router but an Wireless AP you should plug your AP into the hub also. This will replicate all traffic to all the ports, which in theory slows you down but if your not doing many LAN transfers you shouldn't really notice any performance impact. I don't at least. The hub I am using is a Netgear 100mb that i got for about 40 bucks. Lastly one of the ports on the hub should goto a second interface on your snort machine. As far as how to configure this interface have it sniff while everything else from the client uses your original interface, there is a thread started today or yesterday (multi-homed) which hits it on the head. Another configuration is to put Cable/DSL into the hub, router into the hub, and have all the clients (including the WAP) into the router, except the sniffing interface on the snort machine which will also be plugged into the hub. This is like putting your snort sensor at work outside the firewall. You wil not see 192.x.x.x address, you will see only your public IP address as the destination for all of the machines. (I think, that maybe have just been ntop). This option will not affect LAN transfers at all far as performance AFAIK. I am still fairly new to snort, linux, and all of this so if anyone has seen any errors in my advice or what i am doing i would love to hear them as well. I hope I helped. -Seth On Thu, 13 Jan 2005 15:28:24 +0100, Eckhardt Newger <enewger () gmx de> wrote:
I'm thinking of giving Snort a try on my small home wireless LAN which connects through a router/switch to the Internet. I've read through many installation guides. All of them recommend to install Snort to a dedicated PC if I understood it right. But I do not want to install additional hardware for Snort (at least not at the moment). So my question is: Is it feasible/possible to install Snort on an already existing client, and how should I do it (separate NIC, unbound (how on a Win XP Pro system?))? Do I loose any functionality with this kind of installation? Many thanhs in advance for any advice. Eckhardt Newger ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Install location Eckhardt Newger (Jan 13)
- Re: Install location Seth Art (Jan 14)
- Re: Install location Eckhardt Newger (Jan 14)
- Re: Install location Seth Art (Jan 14)
- Re: Install location Eckhardt Newger (Jan 14)
- Re: Install location Eckhardt Newger (Jan 14)
- Re: Install location Seth Art (Jan 14)
- <Possible follow-ups>
- Install location Eckhardt Newger (Jan 13)
- Re: Install location Matthew K. Lee (Jan 13)
- Re: Install location Eckhardt Newger (Jan 18)