[Snort-sigs] Snort on FTP server

Walter Pouwels wally at ...1199...
Tue Jan 21 22:02:11 EST 2003

Hi to all.

I wonder if it is any use putting snort on a pc (win2k server) which is 
used as an FTP server?

When reading through Snort docs and such, all I seem to read is snort being 
used on the actual router/gateway station, listening on the external 
interface. What I want to do is monitor any logon attempts at the ftp 
server for users without login/pw but also if the machine gets probed on 
any other ports.

The network topology is as follows:

E-tech router
1x WAN ------ ADSL 1536 Kbps/256Kbps
4x LAN 10/100 Mbit

In the 4 LAN connections there are:

pc-1 end-user system IP
pc-2 end-user system IP
pc-3 FTP server IP

So is it possible to install snort on a machine with only 1 NIC and have 
it listen to the traffic on that NIC, or should I place another pc between 
the FTP server and the router LAN port
(giving: ftp-server ---- SNORT PC ----- router ---- ADSL)?

Thanks in advance.

