[Snort-users] new to snort

Fiona Whelan fiona.whelan at ...1697...
Thu Mar 29 18:50:07 EST 2001


I used to use Portsentry as my intrusion detection system. Then many 
people explained to me why portsentry was a bad idea and that I 
should switch to snort. I have successfully installed snort on my 
linux box and I downloaded the snort.conf from the site. I have read 
the manuals, but still have a questions:

1. How do I best use snort as an IDS.. basically I want it to monitor 
the same stuff as portsentry did.. attacks on ports.
2. To achieve the above would I have to leave eth0 in promiscuous 
mode? My box is on a LAN of different servers run by different 
people. Being in promisc mode would not be liked by other people on 
the network because they might think I was sniffing on them.. trying 
to get their passwords or read mail going to them, etc.

Thanks in advance for any help you can give me with the above 

 |  I O N A

Get your free E-mail at http://www.ireland.com

More information about the Snort-users mailing list