[Snort-users] running snort on webserver

chj at ...1888... chj at ...1888...
Tue Apr 24 09:09:05 EDT 2001


Hi,

Mark Burnett wrote an article about running Snort on Web-servers (IIS). You 
might get some help there.

http://www.securityfocus.com/frames/?focus=microsoft&content=/focus/microsoft/iis/mssnort.html

BTW - I think it is a good idea to have Snort on a webserver, because most 
firewalls allow all traffic to your webserver TCP port 80 and hence do 
not stop HTTP attacks. So if you would like to be notified about 
HTTP attacks, put Snort on your webserver or you could put Snort on your 
firewall. I have a Linux box running Ipchains and Snort and it is working 
great.

Regards,

Christian H. Jensen

eSec A/S - Managed Security
http://www.esec.dk
Telephone: +45 7020 5585
Direct: +45 4450 2073
Mobile: +45 20192510





"Simon Frohn" <sf at ...1883...>
Sent by: snort-users-admin at lists.sourceforge.net
24-04-2001 12:32

 
        To:     <snort-users at lists.sourceforge.net>
        cc: 
        Subject:        [Snort-users] running snort on webserver

Hi,

at the moment I am using ipchains to
block everything except ftp, http and ssh
on a webserver.
Nevertheless I would like to be informed
about break-in attempts, scans and DoS attacks,
especially those using the http-service.

Would you recommend putting snort on
the same machine the webserver is running?
I do not have the possibility to set up
a special snort server ...
Or is it safer to rely on ip-firewalling and not
to scan http-traffic?


tia,
Simon

