[Snort-users] LAN

Jason Costomiris jcostom at ...2019...
Tue Nov 6 12:17:14 EST 2001

On Tue, Nov 06, 2001 at 10:01:29AM -0500, snortlst snortlst wrote:
: I run snort as ids.I have a sensor on LAN that sniffs traffic coming inside
: our lan from firewall's lan interface. Is that enough to figure out if there
: are some trojans running on some workstations on the lan, or some other
: problems with lan wstations?

That's enough to see traffic going to/from the Internet, not necessarily
all of your network.

: If this configuration is not enough then what.....I should mirror all 700
: ports on the lan switch to the snort sensor port?

If you've got that many live ports, I'd say you're probably best off
using multiple sensors with barnyard talking to a postresql/mysql db.

Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.
                    My account, My opinions.

More information about the Snort-users mailing list