[Snort-users] AW: (Snort-users) Correct setup

sandro.poppi at ...3316... sandro.poppi at ...3316...
Fri Nov 2 00:06:04 EST 2001


> I want to monitor with snort sensor traffic that comes
> through or firewall.
> In order to do so I connected snort machine to the lan switch
> and configured
> switch to mirror all traffic from the lan firewall nic to
> snort sensor port.
> Is that a correct way to figure out what comes through
> firewall and reaches
> the lan network?

Doing so does work well for me. But remember to secure the snort machine as much
as possible, because when the box is compromised there may be a "workaround" for
the firewall!

No IP for the "snorted" interface, use a receive only cable (see the FAQ 3.1 for
that) but be warned: It may not work with a switch!





More information about the Snort-users mailing list