[Snort-users] running snort on webserver

dotslash dotslash at ...1760...
Tue Apr 24 06:58:29 EDT 2001


ouch.  i too am in the same situation where i can't afford a separate snort
box.  i have ipfilter and snort on the same machine.

my findings are that snort will not be sensing much if it's behind a
firewall since the firewall will be dropping the sessions snort is supposed
to scan.  however, i read somewhere that with egress filtering i could get
snort do it's job even if it's behind a firewall.  i'm still looking for how
to do it.

my 2cents.

----- Original Message -----
From: "Simon Frohn" <sf at ...1883...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, April 24, 2001 2:32 PM
Subject: [Snort-users] running snort on webserver


> Hi,
>
> at the moment I am using ipchains to
> block everything except ftp, http and ssh
> on a webserver.
> Nevertheless I would like getting informend
> about break-in attempts, scans and dos-attacks
> especially those using the http-service.
>
> Would you recommend putting snort on
> the same machine the webserver is running?
> I do not have the possibility to set up
> a special snort server ...
> Or is it safer to rely on ip-firewalling and not
> to scan http-traffic?
>
>
> tia,
> Simon
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list