[Snort-users] Snort behind host's firewall

Jason Lewis jlewis at ...1831...
Fri Jun 8 20:16:40 EDT 2001

You are in luck.  I just finished a paper that might help.


Jason Lewis
It's not secure "Because they told me it was secure". The people at the
other end of the link know less about security than you do. And that's

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of RoBSD
Sent: Friday, June 08, 2001 4:14 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort behind host's firewall

And sorry if I ask a question that has already a answer on the list!
I want to deploy 4 servers on one collocation center and my servers
will be in one network with servers that are not ours and I don't want
to provide IDS for them. So, if it's possible to configure snort to
not use promiscuous mode and to analyze only packets that pass through
my firewall. I know that I can use "-h IP" but on 2 servers I will
have multiple IP's (more than 20) and for this I will have to add for
every new IP a new configuration! And in the same time I want to spare
same CPU time and only analyze what pass the firewall!

Thank you for your response!

Radu Coroi

Best regards,
 RoBSD                          mailto:robsd at ...2198...

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list