Snort mailing list archives
RE: snort question
From: "Jim Hendrick" <jrhendri () maine rr com>
Date: Sat, 19 Feb 2005 17:24:04 -0500
One thing I must comment on from your first posting is that you seem to have no firewall between your servers and the Internet. You really would be better addressing this before you worry about installing snort *anywhere*. That said, a tap simply lets you see everything that goes through it. It acts *similarly* to a (true) hub, except it also shows illegal signals on the wire that would not show up with (either) a hub or a switch (both a hub and switch can only transmit protocols they understand, so signals outside their ability to understand never will show up) A tap is nice if you can afford it, but depending on the bandwidth to the Internet, you might be able to use a hub there (to save money). But please, address the firewall issue first. Does your current one have a 3rd interface? If not, you should look into getting one that does (if budget is a problem, look into a Linux box w/ 3 NICs to replace your existing firewall). And (soon) you need to start talking to your management about Internet access (not sure how big a company you are, but anyone surfing porn at work can get you sued. Worse yet, now that you are aware of it, you are responsible for bringing this to management or this can be used as implicitly allowing it. It may simply need to be a formal policy and putting the employees on notice to "behave themselves", but you need to get it addressed before you have a harassment (or other) problem. Jim -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Warren Sent: Friday, February 18, 2005 11:34 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] snort question Mainly detection of break in attempts, bad logins, etc. We are a small business so I do not really care about what is going out. (unfortunately our sales guy already showed me the porn he looks up..... ) question on one of those taps i was apparently offered " a sweet deal " on. does that allow me to monitor my LAN and my servers that are out side the FW? i am not familiar with those devices. thanks! tony cowling wrote:
Hi Jason. What are you trying to achieve? -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Warren Sent: Friday, February 18, 2005 2:48 PM To: snort-users () lists sourceforge net Subject: [Snort-users] snort question Curious on where snort would do its job better. t1 - switch - web server dns server firewall - LAN should i put snort on a box that has its own IP or on my LAN behind the firewall? thanks! jason warren ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Jason Warren IT Manager/Customer Relations Zotz Digital - Apple Pro Video/Audio Reseller 541.472.9522 - http://www.zotzdigital.com ------------------------------------------------------ Join the Zotz Discussion List. email: zotz-list-request () zotzdigital com with the word 'subscribe' in the email body. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort question Jason Warren (Feb 19)
- <Possible follow-ups>
- RE: snort question Harper, Patrick (Feb 19)
- Re: snort question Jason Warren (Feb 19)
- RE: snort question Blair Woodmansee (Feb 19)
- RE: snort question Harper, Patrick (Feb 19)
- RE: snort question Ballard, Sean (HHS/OS) (Feb 19)
- RE: snort question Harper, Patrick (Feb 19)
- Re: snort question Jason Warren (Feb 19)
- RE: snort question Patrick S. Harper (Feb 19)
- RE: snort question tony cowling (Feb 19)
- RE: snort question Jim Hendrick (Feb 19)