[Snort-users] Snort and acidcenter
Paul D. Shaffer
paulshaf at ...741...
Tue Dec 31 14:57:01 EST 2002
As long as the hub is truly a "hub" and not one of those dual-speed
types that actually "switches" between the 10/100 fabric, you only need
to snort on one interface. You will however have to expand your
HOME_NET variable to cover the address space you're using.

You can run ACID from anywhere as long as you set up access to/from the
database and from the sensor box, if they are not all three one and the
same. If your hardware is recent and has the capacity/horsepower,
there's no reason you can't run everything on one box. For a home net,
even older hardware would probably be sufficient to support an

Hope that helps...

From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Joseph
Sent: Tuesday, December 31, 2002 3:20 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort and acidcenter

I'm asking for a simple explanation of how this works
from someone who could answer this question quickly...

I have a home network connected through AT&T cable.
The cable modem goes to my hub, and then off to 3
boxes. The IP addresses on the boxes aren't on the
same network thanks to AT&T's idiotic lack of static IP

My question is, if I set up an IDS box, do I have to
have the ACID agent and snort on every box? Or do I
just have it on one box, and the nic goes into
promiscuous mode and catches everything that comes
through the hub?
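
An added example, not part of either message above: a small check that a snort.conf `HOME_NET` definition covers every monitored host, which matters here because the three boxes sit on different networks. The function names, the sample config line and the addresses (documentation ranges) are constructed for illustration; only `any`, a single address/CIDR, and a flat bracketed list with `!` negation are handled.

```python
import ipaddress
import re

# Constructed sample input: one snort.conf line and three host addresses.
SAMPLE_CONF = "var HOME_NET [192.0.2.0/24,198.51.100.17/32]"
SAMPLE_HOSTS = ["192.0.2.10", "198.51.100.17", "203.0.113.5"]


def parse_home_net(conf_text):
    """Return (include, exclude) network lists from a 'var HOME_NET ...' line."""
    m = re.search(r"^\s*var\s+HOME_NET\s+(\S+)", conf_text, re.MULTILINE)
    if not m:
        raise ValueError("no HOME_NET definition found")
    include, exclude = [], []
    for item in m.group(1).strip("[]").split(","):
        item = item.strip()
        if not item:
            continue
        negated = item.startswith("!")
        item = item.lstrip("!")
        if item == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            # strict=False accepts host bits set, e.g. 192.0.2.10/24
            net = ipaddress.ip_network(item, strict=False)
        (exclude if negated else include).append(net)
    return include, exclude


def uncovered_hosts(conf_text, hosts):
    """List the hosts that HOME_NET does not cover (or explicitly negates)."""
    include, exclude = parse_home_net(conf_text)
    missing = []
    for host in hosts:
        ip = ipaddress.ip_address(host)
        covered = any(ip in n for n in include) and not any(ip in n for n in exclude)
        if not covered:
            missing.append(host)
    return missing


if __name__ == "__main__":
    for host in uncovered_hosts(SAMPLE_CONF, SAMPLE_HOSTS):
        print(f"HOME_NET does not cover {host}")
```

With dynamically assigned addresses, rerun the check whenever a lease changes, since a host that falls outside `HOME_NET` is treated as external by rules written against that variable.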