[Snort-users] sanity check

McCammon, Keith Keith.McCammon at ...3497...
Mon Jul 8 06:17:03 EDT 2002


> I've assigned the snort box an ip of 192.168.1.5 to the eth0 
> and plugged it 
> into the back of the linksys and designated that address as 
> the dmz host.

A DMZ is not a monitoring segment.  Unless you're routing traffic to the DMZ, systems there won't see anything. 

> Now as I understand it the linksys should expose the snort box to the 
> internet without firewall filtering and I should see some 
> scans from the 
> script kiddies on the internet....
> 
> Am I right here? Or...should I put the eth1 into a hub 
> infront of the linksys?
> jim kelly

Put eth1 into a hub in front of the router.  This will allow Snort to see everything that the router's external interface sees, which is (generally) speaking) what you want.




More information about the Snort-users mailing list