[Snort-users] snort placement

neptuna neptuna at ...6520...
Sun Aug 4 12:24:05 EDT 2002


> 
> If your gateway/firewall server is a multi-homed system (dual nics),
> putting the sensor on the external nic works nicely for me. If you are
> running a single nic server, you might want to look elsewhere for sensor
> location, i.e. maybe your switch, if it supports port mirroring...
> 
> Just some thoughts,
> drjung
> 


Yes the gateway is multi-homed. I know i could put snort on that box and
have it listen on Eth0 (external NIC to CM). I wanted to see what other
alternatives there were. As far as the switch, it is a cheap little
thing. I will have to check the Dlink site to see what features are
available. I don't remember if any software came with it. 

Thanks for your help!





More information about the Snort-users mailing list