[Snort-sigs] Snort on FTP server
wally at ...1199...
Tue Jan 21 22:02:11 EST 2003
Hi to all.
I wonder if it is any use putting snort on a pc (win2k server) which is
used as an FTP server ?
When reading through Snort doc's and such all I seem to read is snort being
used on the actual router/gateway station, listening on the external
interface. What I want to do is monitor any logon attempts at the ftp
server for users without login/pw but also if the machine get's probed on
any other ports.
The network topology is as follows:
1x WAN ------ ADSL 1536 Kbps/256Kbps
4x LAN 10/100 Mbit
In the 4 LAN connections there are:
pc-1 end-user system IP 192.168.4.1
pc-2 end-user system IP 192.168.4.2
pc-3 FTP server IP 192.168.4.3
So is this possible to install snort on a machine with only 1 NIC and have
it listen to the traffic on that NIC or should I place another pc between
the FTP server and the router LAN port
(giving: ftp-server ---- SNORT PC ----- router ---- ADSL)?
Thanks in advance.
More information about the Snort-sigs