[Snort-users] snort placement

J. Craig Woods drjung at ...5405...
Sun Aug 4 12:13:12 EDT 2002

neptuna wrote:
> Hi
> I am new to snort. I have a simple home LAN, with a cable modem and a
> Linux box acting as a Router/FW.  I have 3 machines on the inside. All
> are connected to a cheap little D-link switch. Is my only option to put
> snort on the Linux Router/FW?
> I have read the FAQ concerning this but I am still not sure. Any
> suggestions or pointers to more documentation are appreciated.
> Thanks

If your gateway/firewall server is a multi-homed system (dual NICs),
putting the sensor on the external NIC works nicely for me. If you are
running a single-NIC server, you might want to look elsewhere for sensor
location, i.e. maybe your switch, if it supports port mirroring...

Just some thoughts,

J. Craig Woods
UNIX/NT Network/System Administration
Character is built upon the debris of despair --Emerson
