[Snort-users] IDS monitoring unbound NIC on firewalled box
fygrave at ...121...
Sun Jul 30 05:33:38 EDT 2000
~ :We've recently been experimenting with the idea of putting a 2nd NIC in a
~ :linux box that's behind the firewall. If we don't bind an IP address to
~ :this NIC but still run the IDS on it, we can collect all the traffic on the
~ :outside of the firewall without the security problems associated with a
~ :public sentry. I don't see any problems with doing this, does anybody else?
If the question is whether you need to configure any protocol higher than
datalink on a NIC to run snort on it, then the answer is no, you don't
need this. As has already been mentioned, you can configure bridging on
two NICs of a box on the way to/from your DMZ and run snort `transparently'.