[Snort-users] LAN

snortlst snortlst snortlst at ...125...
Tue Nov 6 07:02:12 EST 2001


I run snort as ids.I have a sensor on LAN that sniffs traffic coming inside
our lan from firewall's lan interface. Is that enough to figure out if there
are some trojans running on some workstations on the lan, or some other
problems with lan wstations?
(I thought it would be enough to see the traffic on fw lan interface cause
even if there are some trojans on workstations it'll go to the fw lan int.
anyway cause it is a default gw for lan wstations. Just wanted to veryfy
that....)

If this configuration is not enough then what.....I should mirror all 700
ports on the lan switch to the snort sensor port?

thx.





More information about the Snort-users mailing list