[Snort-users] Alerts from DMZ

Erek Adams erek at ...577...
Tue Nov 20 08:51:03 EST 2001

On Tue, 20 Nov 2001, Petriz, Pablo wrote:

> I want to install Snort with a stealth interface to sniff on
> DMZ and I want Snort to send alerts to some NT boxes on the
> Internal Net in a secure (best secure) way.
> I have this installation:
> External Net ----- Firewall ------- Internal Net
>                       |
>                       |- Snort
>                       |
>                      DMZ
> The FW allows some traffic btw ExtNet<->DMZ, some
> from IntNet->DMZ and blocks btw ExtNet<->IntNet.

Add a second NIC card on the snort box.  Connect 2nd NIC to the internal net
with an IP.  Make sure your firewall rules don't allow _any_ traffic to the
snort box to pass.  Build a read only cable and place that cable on your
stealth interface.  Now, your box will be happy, you can connect to it from
inside your net, but no other way.

Hope that helps!

Erek Adams
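
[Added example, not part of the original message or of Snort: a check for the two-NIC layout described in the reply, assuming a Linux sensor with iproute2 and that "stealth" means no address is bound to the sniffing interface. The names eth0 (stealth) and eth1 (internal) and all addresses are constructed.]

```shell
#!/bin/sh
# Added example. Input is the text printed by `ip -o addr show`.
# eth0 = stealth NIC, eth1 = internal NIC (assumed names, constructed data).

# Constructed sample: eth0 has no address, eth1 holds the internal IP.
SAMPLE_OK='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: eth1    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1\       valid_lft forever preferred_lft forever'

# Constructed sample: eth0 was brought up and got an IPv6 link-local address.
SAMPLE_LEAKY='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::1/64 scope link \       valid_lft forever preferred_lft forever
3: eth1    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1\       valid_lft forever preferred_lft forever'

# count_addrs IFACE FAMILY_REGEX: count addresses on IFACE whose family
# column (inet / inet6) matches FAMILY_REGEX. Reads the listing on stdin.
count_addrs() {
    awk -v ifc="$1" -v fam="$2" '$2 == ifc && $3 ~ fam { n++ } END { print n + 0 }'
}

# audit_sensor STEALTH MGMT: returns 0 only when STEALTH has no IPv4 or IPv6
# address and MGMT has at least one IPv4 address.
audit_sensor() {
    stealth=$1
    mgmt=$2
    snapshot=$(cat)
    s=$(printf '%s\n' "$snapshot" | count_addrs "$stealth" '^inet6?$')
    m=$(printf '%s\n' "$snapshot" | count_addrs "$mgmt" '^inet$')
    rc=0
    if [ "$s" -ne 0 ]; then
        echo "FAIL: $stealth has $s address(es) bound, so it is reachable at layer 3"
        rc=1
    fi
    if [ "$m" -eq 0 ]; then
        echo "FAIL: $mgmt has no IPv4 address for sending alerts to the internal net"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $stealth has no address, $mgmt carries the internal IP"
    fi
    return "$rc"
}

printf '%s\n' "$SAMPLE_OK"    | audit_sensor eth0 eth1 || true
printf '%s\n' "$SAMPLE_LEAKY" | audit_sensor eth0 eth1 || true
```

On a live sensor the same function can be fed with `ip -o addr show | audit_sensor eth0 eth1`. It does not test the read-only cable or the firewall rules, which have to be checked separately.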

