[Snort-users] IDS monitoring unbound NIC on firewalled box

Fyodor fygrave at ...121...
Sun Jul 30 05:33:38 EDT 2000


~ :We've recently been experimenting with the idea of putting a 2nd NIC in a
~ :linux box that's behind the firewall.  If we don't bind an IP address to
~ :this NIC but still run the IDS on it, we can collect all the traffic on the
~ :outside of the firewall without the security problems associated with a
~ :public sentry.  I don't see any problems with doing this, does anybody else?
~ :

 If the question is whether you need to configure anything higher than the
datalink protocol on a NIC to run snort on it, then the answer is no, you
don't need to. As has already been mentioned, you can configure bridging on
two NICs of a box in the path to/from your DMZ and run snort `transparently'.
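
The two setups discussed in this thread, as an added shell example that is not
part of the original post or of the Snort project: (1) bring a NIC up with no
IP address bound, only link-up, promiscuous and ARP off, and run snort on it;
(2) bridge two such NICs so the box forwards frames at layer 2 and snort
watches the bridge device. The interface names (eth1, eth2), the bridge name
(br0), the config path and the use of iproute2 `ip link` (the modern
equivalent of the ifconfig/brctl commands of the period) are assumptions. The
script defaults to a dry run that prints the commands; set DRY_RUN=0 and run
as root to apply them.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names, bridge name
# and config path are assumptions; DRY_RUN=1 (default) only prints commands.

: "${DRY_RUN:=1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Bring a NIC up with nothing above the datalink layer: no IP address is
# assigned, the interface is put in promiscuous mode so it captures every
# frame on the segment, and ARP is disabled so it never answers on the wire.
stealth_if_up() {
    ifname="$1"
    run ip link set dev "$ifname" up
    run ip link set dev "$ifname" promisc on
    run ip link set dev "$ifname" arp off
}

# Create a layer-2 bridge over two (or more) stealth NICs so the box passes
# frames between them transparently; snort then listens on the bridge device.
bridge_up() {
    br="$1"
    shift
    run ip link add name "$br" type bridge
    for ifname in "$@"; do
        stealth_if_up "$ifname"
        run ip link set dev "$ifname" master "$br"
    done
    run ip link set dev "$br" up
}

# Start snort in daemon mode on the given interface with the given config.
snort_on() {
    run snort -i "$1" -c "$2" -D
}

# Setup 1: single unbound NIC outside the firewall (assumed name eth1).
stealth_if_up eth1
snort_on eth1 /etc/snort/snort.conf

# Setup 2: transparent bridge on the path to/from the DMZ (assumed eth1/eth2).
bridge_up br0 eth1 eth2
snort_on br0 /etc/snort/snort.conf
```

Leaving the NIC without an IP address removes the sensor as a reachable
network host, but the capture path (NIC driver, libpcap and the snort
decoders) still parses every untrusted frame, so the sensor box should be
kept patched and isolated the same as any other exposed system.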
