[Snort-users] firewalling snort machine
snortlst at ...125...
Thu Feb 21 09:03:03 EST 2002
I run demarc so I would like to be able to have public ip to be able to check alerts from home using https.
I was thinking about using ipchains on snort machine to block everything incoming besides https....
----- Original Message -----
From: Sean T. Ballard
To: Basil Saragoza ; snort-users at lists.sourceforge.net
Sent: Thursday, February 21, 2002 11:36 AM
Subject: RE: [Snort-users] firewalling snort machine
Here how I do it. Have 2 nics in it, one public one private. Unbind tcpip off the public interface and just have the card in promisc mode. Then on your private interface setup and IP so you can check the logs. This way no internet traffic can connect to the IDS but it still logs everything. (Make sure if your plugging the IDS into a switch that the ports are mirrored to the port the IDS's public interface is in)
From: Basil Saragoza [mailto:snortlst at ...125...]
Sent: Thursday, February 21, 2002 10:56 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] firewalling snort machine
I have a snort machine exposed to the internet (connected to our internet switch, it monitors traffic coing to the firewall public nic).
Is it safe to install firewall on snort machine and disable ALL incoming traffic to snort machin from the internet? Will it affect snort functionality?
(My guess would be it won't cause snort sniffs packets fro the switch and it is not dependent on internet connectivity, but I just want to make sure that mu guess is correct)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users