Snort mailing list archives
Re: How to monitor two different traffics with snort
From: JJ Cummings <cummingsj () gmail com>
Date: Fri, 5 Jun 2009 10:31:36 -0600
Right, this way he can also define different variables to achieve what he wants... i.e. HOME_NET is a public IP outside the FW and a natted range most likely inside... this way he can see two distinct alerts from two distinct snort instances also. having said that, I agree with Joel... it's typically a waste of time to sniff outside of the firewall.. of course you have your traditional argument of "well, how do I know what my firewall is blocking" yadda yadda and that is of course an altogether separate discusion. JJC On Fri, Jun 5, 2009 at 10:18 AM, Nigel Houghton <nhoughton () sourcefire com>wrote:
On Fri, Jun 5, 2009 at 11:27 AM, Sandro guly Zaccarini<guly () luv guly org> wrote:On Fri, Jun 05, 2009 at 10:29:17AM -0400, Nigel Houghton wrote:On Fri, Jun 5, 2009 at 10:10 AM, Luis Daniel LucioWait to 2.8.5 it has multi-iface capabilities.Here's a better idea: Two interfaces on the snort box, one connected to one side of the firewall and the other to the inside of the firewall. Then start two instances of snort, one per interface.so you are saying that multi-interface doesn't work very well?Nope, I'm saying that given his scenario, two instances are probably better. -- Nigel Houghton Head Mentalist SF VRT http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/ ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How to monitor two different traffics with snort Bruno Noronha (Jun 05)
- Re: How to monitor two different traffics with snort Luis Daniel Lucio Quiroz (Jun 05)
- Re: How to monitor two different traffics with snort Nigel Houghton (Jun 05)
- Re: How to monitor two different traffics with snort Sandro guly Zaccarini (Jun 05)
- Re: How to monitor two different traffics with snort Joel Esler (Jun 05)
- Re: How to monitor two different traffics with snort Jeremy (Jun 05)
- Re: How to monitor two different traffics with snort YARICK (Jun 05)
- Re: How to monitor two different traffics with snort Richard Bejtlich (Jun 05)
- Re: How to monitor two different traffics with snort Nigel Houghton (Jun 05)
- Re: How to monitor two different traffics with snort Nigel Houghton (Jun 05)
- Re: How to monitor two different traffics with snort JJ Cummings (Jun 05)
- Re: How to monitor two different traffics with snort Luis Daniel Lucio Quiroz (Jun 05)
- Re: How to monitor two different traffics with snort Bamm Visscher (Jun 05)