[Snort-sigs] Snort on Win2k FTP server (not a router pc)

Matt Kettler mkettler at ...189...
Fri Jan 31 10:42:02 EST 2003

You've also already posted this same question here on 1/17 under a slightly 
different subject. On 1/22 I answered and I also told you to put it on 
snort-users not snort-sigs. Please stop reposting the question, one that's 
already been answered, to the wrong list.

This is a list for signature/rule development. It is not a list for snort 
configuration discussion or questions. The general usage/questions list is 
snort-users at ...1245...

Please Re-read my original answer to you, and respond to that on sort-users 
if you have further questions.

In short, yes you can do that, there's no reason you can't but it's a less 
common configuration of snort so you won't see as much discussion of it. If 
you have specific questions, post them to snort-users and I'll answer them 

At 06:22 PM 1/31/2003 +0100, Walter Pouwels wrote:
>Hi to all.
>I wonder if it is any use putting snort on a pc (win2k server) which is 
>used as an FTP  server ?
>When reading through Snort doc's and such all I seem to read is snort 
>being used on the actual router/gateway station, listening on the external 
>interface. What I want to do is monitor any logon attempts at the ftp 
>server for users without login/pw but also if the machine get's probed on 
>any other ports.
>The network topology is as follows:
>E-tech router
>1x WAN ------ ADSL 1536 Kbps/256Kbps
>4x LAN 10/100 Mbit
>In the 4 LAN connections there are:
>pc-1 end-user system IP
>pc-2 end-user system IP
>pc-3 FTP server IP
>So is this possible to install snort on a machine with only 1 NIC and have 
>it listen to the traffic on that NIC or should I place another pc between 
>the FTP server and the router LAN port
>(giving: ftp-server ---- SNORT PC ----- router ---- ADSL)?
>Thanks in advance.
>This SF.NET email is sponsored by:
>SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
>Snort-sigs mailing list
>Snort-sigs at lists.sourceforge.net

More information about the Snort-sigs mailing list