Snort mailing list archives
RE: snort question
From: "Harper, Patrick" <Patrick.Harper () phns com>
Date: Fri, 18 Feb 2005 15:02:14 -0600
True, the scare factor can be a good thing around budget time :) -----Original Message----- From: Ballard, Sean (HHS/OS) [mailto:Sean.Ballard () hhs gov] Sent: Friday, February 18, 2005 2:37 PM To: Harper, Patrick; Blair Woodmansee; Jason Warren; snort-users () lists sourceforge net Subject: RE: [Snort-users] snort question To play devils advocate to that response, getting a list of attacks being thrown at you via your internet NID is a great way to get the powers that be to loosen up some budget money for your security initiatives. Plus it is also good to know internet attack trends that hit your address space. My view is get as much information you can from all sources you can. -----Original Message----- From: Harper, Patrick [mailto:Patrick.Harper () phns com] Sent: Friday, February 18, 2005 3:26 PM To: Blair Woodmansee; Jason Warren; snort-users () lists sourceforge net Subject: RE: [Snort-users] snort question I think we are saying the same thing. I was talking internal firewall interface and core switch :) -----Original Message----- From: Blair Woodmansee [mailto:Blair () calcasieu lib la us] Sent: Friday, February 18, 2005 2:20 PM To: Harper, Patrick; Jason Warren; snort-users () lists sourceforge net Subject: RE: [Snort-users] snort question I prefer to set mine up in between my firewall and my LAN. This way you are gaining information on only traffic that has made it through the filtering. No sense gathering information on attacks that your firewall can stop. Blair Woodmansee MCSE, CCNA System Administrator Calcasieu Parish Public Library (337) 437-3484 ext. 19 (337) 437-3652 Fax "The single biggest problem in communication is the illusion that it has taken place" George Bernard Shaw -----Original Message----- From: Harper, Patrick [mailto:Patrick.Harper () phns com] Sent: Friday, February 18, 2005 2:00 PM To: Jason Warren; snort-users () lists sourceforge net Subject: RE: [Snort-users] snort question You are going to get a lot of answers. I like an inline tap between the switch an the router. In my opinion you see the most amount of relevant data that way. You will also want to make sure that you tune your rules well to et rid of noise that makes no difference to you or you will get tired of looking a the IDS real fast. Just my .02 -----Original Message----- From: Jason Warren [mailto:jason () zotzdigital com] Sent: Friday, February 18, 2005 1:48 PM To: snort-users () lists sourceforge net Subject: [Snort-users] snort question Curious on where snort would do its job better. t1 - switch - web server dns server firewall - LAN should i put snort on a box that has its own IP or on my LAN behind the firewall? thanks! jason warren ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort question Jason Warren (Feb 19)
- <Possible follow-ups>
- RE: snort question Harper, Patrick (Feb 19)
- Re: snort question Jason Warren (Feb 19)
- RE: snort question Blair Woodmansee (Feb 19)
- RE: snort question Harper, Patrick (Feb 19)
- RE: snort question Ballard, Sean (HHS/OS) (Feb 19)
- RE: snort question Harper, Patrick (Feb 19)
- Re: snort question Jason Warren (Feb 19)
- RE: snort question Patrick S. Harper (Feb 19)
- RE: snort question tony cowling (Feb 19)
- RE: snort question Jim Hendrick (Feb 19)