AW: [Snort-users] Question on Howto setup a snort sensor in front of firewall

"Dörr, Oliver" Oliver.Doerr at ...4956...
Tue Feb 12 12:04:31 EST 2002


Hello Chris ... thank you, I am just trying to set up Linux without an IP address.
Let's see how it works. I am a "newbie" in IDS and Linux and so it takes a
while to get everything running. Oliver

-----Original Message-----
From: Chris Green [mailto:cmg at ...671...]
Sent: Tuesday, 12 February 2002 20:57
To: Dörr, Oliver
Cc: 'snort-users at lists.sourceforge.net'
Subject: Re: [Snort-users] Question on Howto setup a snort sensor in front of firewall


"Dörr, Oliver" <Oliver.Doerr at ...4956...> writes:

> Hello all
> I have a general question about setting up a snort sensor system. When I
> place the sensor in front of the firewall, it will make this system very
> vulnerable against attacks. Although I would like to analyze the data in
> realtime. How can I set up such a system without compromising my security
> issues? Would it make sense to set up a system with snort, firewall, database
> and analysis engine or is it more useful to transfer the data (and how?) to
> an internal system for analyzing?

You should have 2 network interfaces.  One is in promiscuous mode with
no ip on the sensor interface and a management interface that is
attached to wherever you will analyze events from.
-- 
Chris Green <cmg at ...671...>
To err is human, to moo bovine.
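
A preflight check for the two-interface layout described in the reply above, as an added example that is not part of the original thread. The interface names (eth1 for sniffing, eth0 for management), the snort.conf path and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the sensor layout (sniffing NIC without IP, management NIC with IP).
# Assumed names: eth1 = sniffing interface, eth0 = management interface.
#
# Typical setup of the sniffing side (run as root on the sensor):
#   sysctl -w net.ipv6.conf.eth1.disable_ipv6=1   # no autoconfigured fe80:: address
#   ip addr flush dev eth1                        # drop any assigned address
#   ip link set dev eth1 up promisc on            # link up, promiscuous, no IP
#   snort -i eth1 -c /etc/snort/snort.conf        # config path is an assumption

# addrs_for IFACE: print addresses bound to IFACE, reading `ip -o addr show`
# output on stdin (columns: index, ifname, family, address/prefix, ...).
addrs_for() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $4 }'
}

# check_sensor_ifaces SNIFF MGMT: reads `ip -o addr show` output on stdin.
# Returns 0 only if SNIFF has no address at all and MGMT has an IPv4 address.
check_sensor_ifaces() {
    sniff=$1 mgmt=$2 rc=0
    listing=$(cat)
    bound=$(printf '%s\n' "$listing" | addrs_for "$sniff")
    if [ -n "$bound" ]; then
        echo "FAIL: $sniff is addressable: $(echo $bound)"
        rc=1
    fi
    if ! printf '%s\n' "$listing" |
        awk -v ifc="$mgmt" '$2 == ifc && $3 == "inet" { ok = 1 } END { exit !ok }'; then
        echo "FAIL: $mgmt has no IPv4 address for management"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $sniff has no IP, $mgmt is reachable for management"
    fi
    return "$rc"
}

# Constructed sample listings (not captured from a real host).
GOOD='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'
# eth1 brought up without disabling IPv6: it picked up a link-local address.
LEAKY="$GOOD
3: eth1    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link"

printf '%s\n' "$GOOD"  | check_sensor_ifaces eth1 eth0
printf '%s\n' "$LEAKY" | check_sensor_ifaces eth1 eth0 || true
# On a live sensor: ip -o addr show | check_sensor_ifaces eth1 eth0
```

An interface with no addresses does not appear in `ip -o addr show` output at all, which is why the good case passes with eth1 absent from the listing.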



