AW: [Snort-users] Question on Howto setup a snort sensor in front of firewall

Poppi, Sandro Sandro.Poppi at ...3316...
Tue Feb 12 22:11:04 EST 2002


Oliver,

you might also take a look at
http://www.lug-burghausen.org/projects/index.html#snort-stat.

Viel Spaß,
Sandro


> -----Ursprüngliche Nachricht-----
> Von: "Dörr, Oliver" [mailto:Oliver.Doerr at ...4956...]
> Gesendet: Dienstag, 12. Februar 2002 21:02
> An: 'snort-users at lists.sourceforge.net'
> Betreff: AW: [Snort-users] Question on Howto setup a snort sensor in
> front of firewall
> 
> 
> hello Chris ... thank you, i just try to setup linux without 
> a ip adress.
> Lets see how it works. I am a "newbie" in ids and linux and 
> so it takes a
> while to get all running. Oliver
> 
> -----Ursprüngliche Nachricht-----
> Von: Chris Green [mailto:cmg at ...671...]
> Gesendet: Dienstag, 12. Februar 2002 20:57
> An: Dörr, Oliver
> Cc: 'snort-users at lists.sourceforge.net'
> Betreff: Re: [Snort-users] Question on Howto setup a snort sensor in
> front of firewall
> 
> 
> "Dörr, Oliver" <Oliver.Doerr at ...4956...> writes:
> 
> > Hello all
> > I have a general question about setting up a snort sensor 
> systems. When I
> > place the sensor in front of the firewall, it will make 
> this system very
> > vunerable against attacks. Although I would like to analyze 
> the data in
> > realtime. How can i setup such a system without 
> compromising my security
> > issues? Would it make sense to setup a system with snort, firewall,
> database
> > and analyze engine or is it more usefull to transfer the 
> data (and how?)
> to
> > a internal system for analyzing ? 
> 
> You should have 2 network interfaces.  One is in promiscuous mode with
> no ip on the sensor interface and a management interface that is
> attached to whereever you will analyze events from.
> -- 
> Chris Green <cmg at ...671...>
> To err is human, to moo bovine.
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list