[Snort-users] ideal setup

Kevin Brown Kevin.M.Brown at ...1022...
Wed Aug 7 15:11:02 EDT 2002


Then (if snort doesn't have this already) maybe snort should be used in
non-promiscuous mode if it is run from the firewall because all the traffic
destined for your network has to go through the firewall.

-----Original Message-----
From: Keith Young [mailto:kyoung at ...6513...]
Sent: Wednesday, August 07, 2002 2:29 PM
To: robert at ...6550...
Cc: quentyn at ...3871...; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ideal setup


Robert Cole wrote:

> Ok lets go for a not so dream setup. How about snort running on the
firewall 
> machine and sending its logs to a syslog server. That a decent setup if
the 
> syslog server is heavily protected as well?

Robert,

I wouldn't run Snort on the firewall for two reasons:
	* Snort will put the interfaces into promiscuous mode
	* running extra services usually isn't a good idea

What about running a Snort box outside and a Snort box inside which 
sends log data to the syslog server in the DMZ?

-- 

-- 
--Keith Young
-kyoung at ...6513...




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020807/66d8ded4/attachment.html>


More information about the Snort-users mailing list