[Snort-users] ideal setup
kyoung at ...6513...
Wed Aug 7 16:46:03 EDT 2002
Kevin Brown wrote:
> Then (if snort doesn't have this already) maybe snort should be used in
> non-promiscuous mode if it is run from the firewall because all the
> traffic destined for your network has to go through the firewall.
However you will still need to run another copy of Snort for your inside
network (for traffic that doesn't go through the firewall), right?
FYI, Snort does support non-promiscuous mode with the "-p" switch.
-kyoung at ...6513...
More information about the Snort-users