[Snort-sigs] Snort on Win2k FTP server (not a router pc)

Walter Pouwels walter at ...1199...
Fri Jan 31 09:23:05 EST 2003


Hi to all.

I wonder if it is any use putting snort on a pc (win2k server) which is 
used as an FTP  server ?

When reading through Snort doc's and such all I seem to read is snort being 
used on the actual router/gateway station, listening on the external 
interface. What I want to do is monitor any logon attempts at the ftp 
server for users without login/pw but also if the machine get's probed on 
any other ports.

The network topology is as follows:

E-tech router
1x WAN ------ ADSL 1536 Kbps/256Kbps
4x LAN 10/100 Mbit

In the 4 LAN connections there are:

pc-1 end-user system IP 192.168.4.1
pc-2 end-user system IP 192.168.4.2
pc-3 FTP server IP 192.168.4.3

So is this possible to install snort on a machine with only 1 NIC and have 
it listen to the traffic on that NIC or should I place another pc between 
the FTP server and the router LAN port
(giving: ftp-server ---- SNORT PC ----- router ---- ADSL)?

Thanks in advance.

Walter  





More information about the Snort-sigs mailing list