[Snort-users] snort placement
neptuna at ...6520...
Sun Aug 4 12:12:10 EDT 2002
> If I read correctly, this is your current setup
> Cable Modem ----- Router/FW ---- Dlink switch ---- 3 computers.
Yes, that is correct.
> Snort can be placed in many areas: Probably the most beneficial would
> be in front and behind the router/FW, this way you know what you're
> being attacked with and what's getting through the FW.
Actually I did try to install snort a few months ago and I placed it on
one of the boxes on the inside (a RH 7.2 box). However, it did not
capture any traffic.
> CM ---- Snort --- Router/FW --- Snort ---- Switch ---- computers.
Let me understand:
CM -> Snort box plugged into the Ethernet jack of modem -> [ this is
where I am confused ] Snort box hooked into the Router [ but how? ] ->
Snort box uplinked to switch -> Switch to internal computers?
> You can also hook it up to an open port on the switch and monitor
> traffic that way. All these options are dependent on separate boxes
> doing Snort.
I tried this before (see above).
Thanks very much Chris!!