[Snort-users] snort placement

Subba Rao sailorn at ...261...
Mon Aug 5 07:12:05 EDT 2002


Hello neptuna,

Here is my setup.

								Cable Modem 
  		     						    |
    		      						|
..........(Nic 3)...........Dlink switch
|  		     						    |
|    		      						|
|		   ------------------------------------------------
|  		   |                                 |           | 			   |
|	Router/FW/Snort       Comp1  Comp2   Comp3
........(3 NICs)

Nic 1 is the gateway to the Internet. (Router/FW). Snort cannot listen on this Nic.
Nic 2 is the gateway to my LAN.  This is the trusted Nic.
Nic 3 is the promiscuous NIC listening to the traffic coming in. Snort is listening on this Nic 3.

For the Snort Nic, use a good Nic like 3Com, which is believed not to drop as many packets as a NE2K Nic.

Suggestions for Nic 3 - Do not set any IP address for the Nic
									  Do not broadcast the ARP address.

Hope this helps. Good luck.

Best regards.				 
Subba Rao
sailorn at ...261...
2002-08-05


======= At 2002-08-05, 02:19:00 you wrote: =======

>Hi
>
>I am new to snort. I have a simple home LAN, with a Cable modem and a
>linux box acting as a Router/ FW.  I have 3 machines on the inside. All
>are connected to a cheap little D-link switch. Is my only option to put
>snort on the Linux Router/FW ? 
>I have read the FAQ concerning this but i am still not sure. Any
>suggestions or pointers to more documentation is appreciated.
>
>Thanks
>
>
>
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users

= = = = = = = = = = = = = = = = = = = =







More information about the Snort-users mailing list