[Snort-users] IDS monitoring unbound NIC on firewalled box

Jerry Shenk jas at ...129...
Sat Jul 29 11:56:46 EDT 2000


We've recently been experimenting with the idea of putting a 2nd NIC in a
linux box that's behind the firewall.  If we don't bind and IP address to
this NIC but still run the IDS on it, we can collect all the traffic on the
outside of the firewall without the security problems associated with a
public sentry.  I don't see any problems with doing this, does anybody else?





More information about the Snort-users mailing list