[Snort-users] Preferrable location?

Erek Adams erek at ...577...
Mon Nov 19 22:24:03 EST 2001


On Mon, 19 Nov 2001, Ronneil Camara wrote:

> a) Where would be the preferrable location of snort box on a network
> with firewall (internal, dmz)? Do I need more than 1 snort?

http://www.snort.org/docs/faq.html#2.3

> b) What would be the advantage of having 2 nics on a snort box?

Setup one as a 'stealth' interface, and the second as a management NIC.

http://www.snort.org/docs/faq.html#3.1

> c) What o.s. is recommended for snort?

Ummm...  Not Linux.  ;-)  Seriously, look at one of the BSD variants.  IIRC,
most development is done under FreeBSD or OpenBSD.  IMHO, Linux isn't
standardized enough across the board for something this critical.  [Sorry, I'm
a Solaris Bigot. ;-) ]  Some folks are getting good use out of Linux based
sensors, though!  (See Abe Getchell's postings to snort-devlopers...]  Short
Answer:  Use what you know.  Long Answer:  Use the simplest first, then expand
to what works the best.  Now, as to what works best....  That's another game!

Hope this helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net







More information about the Snort-users mailing list