[Snort-users] Snort and acidcenter

Paul D. Shaffer paulshaf at ...741...
Tue Dec 31 14:57:01 EST 2002


Joe,

As long as the hub is truly a "hub" and not one of those dual-speed
types that actually "switches" between the 10/100 fabric, you only need
to snort on one interface.  You will however have to expand your
HOME_NET variable to cover the address space you're using.

You can run ACID from anywhere as long as you setup access to/from the
database and from the sensor box, if they are not all three one and the
same.  If your hardware is recent and has the capacity/horsepower,
there's no reason you can't run everything on one box.  For a home net,
even older hardware would probably be sufficient to support an
all-in-one solution.

Hope that helps...

Paul 
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Joseph
Turley
Sent: Tuesday, December 31, 2002 3:20 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort and acidcenter

I'm asking for a simple explaination of how this works
from someone who could answer this question quickly...

I have a home network connected through AT&T cable. 
The cable modem goes to my hub, and thn off to 3
boxes.  The IP addresses on the boxes aren't on the
same network thanx to AT&T's idiotic lack of static IP
addresses.  Anyway...

My question is, if I set up an IDS box, do I have to
have the ACID agent and snort on every box?  Or do I
just have it on one box, and the nic goes into
promiscuous mode and catches everything that comes
through the hub?  

--Joe

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list