[Snort-users] Newbie Alert!

shawn . moyer shawn at ...1184...
Wed Mar 7 22:09:00 EST 2001

Ian Campbell wrote:
> I'd like to play with a Snort box here at the office to monitor our internet
> connection outside the firewall. Since I know nothing about *nix, I'd like
> to do this on NT, so I downloaded the Win32 port and pcaplib, begged an
> intel box off my boss, and am ready to get started. Based on some of the
> posts I've read here, I was thinking about putting two NICs in the box and
> connecting one to my internal LAN, and connecting the other (without IP
> address) to the hub between our IA router and FW. Does this sound like a
> recommended configuration in terms of security, etc?

Cut the transmit leads. :) 'Course I'm paranoid.

> I plan to strip the NT OS down before installing this stuff in the same
> manner as one would prior to installing, say, a Checkpoint FW on NT. I just
> want to dink around with it a little before attempting anything wild like
> logging to a DB, or installing preprocessors, etc.

Well, you probably will want to at least set up WinPerl and SnortSnarf
so you can see your logs and packet captures in a more readable format.

> Can anyone just tell a poor novitiate if he's on the right track and offer
> some commentary, or point me to a 'getting started' faq somewhere
> (preferably with the emphasis on NT) that I could take a look at before
> jumping in.

This should get you on the right track, part II just came out as well.



s h a w n   m o y e r
shawn at ...1184...

The universe did not invent justice; man did.
Unfortunately, man must reside in the universe.

					-- Zelazny
