[Snort-users] ideal setup

Keith Young kyoung at ...6513...
Wed Aug 7 16:46:03 EDT 2002


Kevin Brown wrote:
> Then (if snort doesn't have this already) maybe snort should be used in 
> non-promiscuous mode if it is run from the firewall because all the 
> traffic destined for your network has to go through the firewall.
> 

Good point.

However you will still need to run another copy of Snort for your inside 
network (for traffic that doesn't go through the firewall), right?

FYI, Snort does support non-promiscuous mode with the "-p" switch.

-- 

-- 
--Keith Young
-kyoung at ...6513...






More information about the Snort-users mailing list