[Snort-users] snort placement

J. Craig Woods drjung at ...5405...
Sun Aug 4 12:13:12 EDT 2002


neptuna wrote:
> 
> Hi
> 
> I am new to snort. I have a simple home LAN, with a Cable modem and a
> linux box acting as a Router/ FW.  I have 3 machines on the inside. All
> are connected to a cheap little D-link switch. Is my only option to put
> snort on the Linux Router/FW ?
> I have read the FAQ concerning this but i am still not sure. Any
> suggestions or pointers to more documentation is appreciated.
> 
> Thanks
> 

If your gateway/firewall server is a multi-homed system (dual nics),
putting the sensor on the external nic works nicely for me. If you are
running a single nic server, you might want to look elsewhere for sensor
location, i.e. maybe your switch, if it supports port mirroring...

Just some thoughts,
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson




More information about the Snort-users mailing list