[Snort-users] snort placement

Sun Aug 4 12:12:10 EDT 2002

> If I read correctly, this is your current setup
> Cable Modem ----- Router/FW ---- Dlink switch ---- 3 computers.

Yes, that is correct.

> Snort can be placed in many areas:  Probably the most beneficial would 
> be in front and behind the router/FW, this way you know what you're 
> being attacked with and what's getting through the FW.

Actutally I did try to install snort a few months ago and I placed it on
one of the boxes on the inside (a RH 7.2) box. However it did not
capture any traffic. 

> CM ---- Snort --- Router/FW --- Snort ---- Switch ---- computers.

Let me understand:
CM -> Snort box plugged into the Ethernet jack of modem -> [ this is
where i am confused ] Snort box hooked into the Router [ but how ?] ->
snort box UPlinked to switch -> Switch to internal computers?

> You can also hook it up to an open port on the switch and monitor 
> traffic that way.  All these options are dependent on separate boxes 
> doing Snort.

I tried this before (see above)

Thanks very much Chris !!

