[Snort-users] Windows SUCCESS!!!

Chris Willis cwillis at ...7140...
Tue Oct 15 17:34:04 EDT 2002


Despite not getting any replies to my questions, I finally got it 
working.  It seems that Snort is naming my interfaces wrong.

It called my 3c905C a 3com PCI controller, and my 3c590 (a 10mbit card) 
a "Fast Ethernet Controller".  That was throwing me off big time.

Now I am getting portscan alerts properly, and we will wait and see what 
else shows up.  Acid, MySQL, IDSPolicy Manager, Winroute Pro, and SNORT 
all use a total of 103MB of RAM (including Win2K server OS, hardened and 
stripped down).

Snort 1.9.0 does not seem happy with ISA server.  However, it runs 
perfectly with Kerio Winroute Pro 4.2.5, which is a decent stateful 
inspection packet filter for up to 200 or so users.

Snort makes it go from a packet filter to an actual "firewall".  A 
firewall is usually a computer sitting between an internal network and an 
external network.  It hides the internal network, bridges it to the 
external network (usually via NAT), secures internal traffic between 2 
sites (VPN services), and provides comprehensive logging and other services.

If you are interested, here are the places I went for Snort and Windows 
integration:

Winroute Pro - very nice stateful packet filter for Windows
http://www.kerio.com/us/kerio.html

Snort and Win2K - A practical guide (VERY GOOD)
http://www.synaxis.org/around/sansug/snort-w2k.pdf

Silicon Defense - great Windows + Snort Information
http://www.silicondefense.com/techsupport/windows.htm

I probably would be worthless for tech questions regarding my install, 
but the sites/docs above are EXCELLENT and easy to follow.

Chris





