[Snort-users] ideal setup

Kevin Brown Kevin.M.Brown at ...1022...
Wed Aug 7 15:11:02 EDT 2002

Then (if snort doesn't have this already) maybe snort should be used in
non-promiscuous mode if it is run from the firewall because all the traffic
destined for your network has to go through the firewall.

-----Original Message-----
From: Keith Young [mailto:kyoung at ...6513...]
Sent: Wednesday, August 07, 2002 2:29 PM
To: robert at ...6550...
Cc: quentyn at ...3871...; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ideal setup

Robert Cole wrote:

> Ok lets go for a not so dream setup. How about snort running on the
> machine and sending its logs to a syslog server. That a decent setup if
> syslog server is heavily protected as well?


I wouldn't run Snort on the firewall for two reasons:
	* Snort will put the interfaces into promiscuous mode
	* running extra services usually isn't a good idea

What about running a Snort box outside and a Snort box inside which 
sends log data to the syslog server in the DMZ?


--Keith Young
-kyoung at ...6513...

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020807/66d8ded4/attachment.html>

More information about the Snort-users mailing list