[Snort-users] Windows SUCCESS!!!
cwillis at ...7140...
Tue Oct 15 17:34:04 EDT 2002
Despite not getting any replys to my questions, I finally got it
working. It seems that Snort is naming my interfaces wrong.
It called my 3c905C a 3com PCI controller, and my 3c590 (a 10mbit card)
a "Fast Ethernet Controller". That was throwing me off big time.
Now I am getting portscan alerts properly, and we will wait and see what
else shows up. Acid, MySQL, IDSPolicy Manager, Winroute Pro, and SNORT
all use a total of 103MB of RAM (including Win2K server OS, hardened and
Snort 1.9.0 does not seem happy with ISA server. However, it runs
perfectly with Kerio Winroute Pro 4.2.5, which is a decent stateful
inspection packet filter for up to 200 or so users.
Snort makes it go from a packet filter to an actual "firewall". A
firewall is usually a computer sitting between an internal network and an
external network. It hides the internal network, bridges it to the
external network (usually via NAT), secures internal traffic between 2
sites (VPN services), comprehensive logging, and other services.
If you are interested, here are the places I went for Snort and Windows
Winroute Pro - very nice stateful packet filter for Windows
Snort and Win2K - A practical guide (VERY GOOD)
Silicon Defense - great Windows + Snort Information
I probably would be worthless for tech questions regarding my install,
but the sites/docs above are EXCELLENT and easy to follow.
More information about the Snort-users