[Snort-users] ideal setup

Robert Cole robert at ...6550...
Wed Aug 7 22:59:02 EDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm a network engineer by trade and I'm doing this on my home network of 
computers as a learning point to really get familier with it.

I'll probably try this in a couple of different configs.

I just wanted to get an idea of the sorts of things I'm looking for and have 
some ideas rolling around in my head before I get in extremely deep to 
howto's and docs. If I don't have some idea of why and how in my head already 
my eyes glaze over reading docs for just the sake of learning. :) I have to 
have a point and reason to read em then I have DRIVE! :)

Thanks everyone for your input. Very much appreciated. I'm sure I'll be back 
with some brutal questions in few days or after linuxworld. :)

Robert

On Wednesday 07 August 2002 02:28 pm, Keith Young wrote:
> Robert Cole wrote:
> > Ok lets go for a not so dream setup. How about snort running on the
> > firewall machine and sending its logs to a syslog server. That a decent
> > setup if the syslog server is heavily protected as well?
>
> Robert,
>
> I wouldn't run Snort on the firewall for two reasons:
> 	* Snort will put the interfaces into promiscuous mode
> 	* running extra services usually isn't a good idea
>
> What about running a Snort box outside and a Snort box inside which
> sends log data to the syslog server in the DMZ?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9Ugh7OWbzte5wVEURAtz9AJ4y3CjdYrS81NSYuvlbgK8+cUMQkQCfZ7bT
n+K5p/45HMKmDVDv/Xgn+yE=
=QJ+i
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list