[Snort-users] new to snort
fiona.whelan at ...1697...
Thu Mar 29 18:50:07 EST 2001
I used to use Portsentry as my intrusion detection system. Then many
people explained to me why portsentry was a bad idea and that I
should switch to snort. I have successfully installed snort on my
linux box and I downloaded the snort.conf from the site. I have read
the manuals, but still have a questions:
1. How do I best use snort as an IDS.. basically I want it to monitor
the same stuff as portsentry did.. attacks on ports.
2. To achieve the above would I have to leave eth0 in promiscuous
mode? My box is on a LAN of different servers run by different
people. Being in promisc mode would not be liked by other people on
the network because they might think I was sniffing on them.. trying
to get their passwords or read mail going to them, etc.
Thanks in advance for any help you can give me with the above
| I O N A
Get your free E-mail at http://www.ireland.com
More information about the Snort-users