[Snort-users] IDS Placement ideas for inside and outside a fi rewall.

FWAdmin FWAdmin at ...8484...
Thu Apr 3 05:26:19 EST 2003

We do the same thing for the external side, but we are eventually moving it
on to our 6513. We are trying to eliminate 'hubs' on our network for the
sake of monitoring purposes.

-----Original Message-----
From: Philip Davidson [mailto:Philip at ...8580...] 
Sent: April 2, 2003 17:38
To: 'Brei, Matt'; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] IDS Placement ideas for inside and outside a fi

As far as the inside, get you a little hub.  3Com makes a good hub Office
Connect, I think is what it's called.

Take the line from your router/firewall, run into the hub.  Plug your Snort
box into one of the 4 or 8 ports on the front of the hub.

A hub is literally a repeater, where it repeats the signal it gets.  Now
take the line that was from your router/firewall to your switch and plug
into the front of the hub as well.  I think this will work for you.  Or you
could just mirror a port on the switch.  This could depend on the brand of

Anyhow, that's one...wait..two ways of setting it up internally.




Philip Davidson

DPC, Inc

1015 Maurice Fields Dr

Paris, TN 38242


-----Original Message-----
From: Brei, Matt [mailto:mbrei at ...8727...] 
Sent: Wednesday, April 02, 2003 1:43 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] IDS Placement ideas for inside and outside a


Hi everyone.  I am trying to convince my company to implement IDS on our
network but I have a few questions.  I know I would want one on both sides
of the firewall, but on a switched network, how would I force traffic to go
through Snort before it reached its destination?  Also, the way its set up
now, the Cisco 1751 router goes right into the Cisco PIX 501 firewall and
from there into a switch.  How would I place an IDS between the firewall and

This e-mail communication (including any or all attachments) is intended
only for the use of the person or entity to which it is addressed and may
contain confidential and/or privileged material. If you are not the intended
recipient of this e-mail, any use, review, retransmission,  distribution,
dissemination, copying, printing, or other use of, or taking of any action
in reliance upon this e-mail, is strictly prohibited. If you have received
this e-mail in error, please contact the sender and delete the original and
any copy of this e-mail and any printout thereof, immediately. Your
co-operation is appreciated. 

Le present courriel (y compris toute piece jointe) s'adresse uniquement a
son destinataire, qu'il soit une personne ou un organisme, et pourrait
comporter des renseignements privilegies ou confidentiels. Si vous n'etes
pas le destinataire du courriel, il est interdit d'utiliser, de revoir, de
retransmettre, de distribuer, de disseminer, de copier ou d'imprimer ce
courriel, d'agir en vous y fiant ou de vous en servir de toute autre facon.
Si vous avez recu le present courriel par erreur, priere de communiquer avec
l'expediteur et d'eliminer l'original du courriel, ainsi que toute copie
electronique ou imprimee de celui-ci, immediatement. Nous sommes
reconnaissants de votre collaboration. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030403/4c7d39a1/attachment.html>

More information about the Snort-users mailing list