[Snort-users] Snort and acidcenter

Rigoberto De la Portilla rdelaportilla at ...131...
Wed Jan 1 08:23:03 EST 2003


Paul, 

i have a netgear dualspeed 10/100 hub... 
are you telling me this won't work ?

i am now going to setup kind of the same thing as joe,
just that i have dsl with a block of ips on the same
subnet.

my dsl modem connected to netgear dualspeed hub.

connected to the dualspeed there is one snortbox in
promisc/noip eth1

one honeypot with a static 
one ethernet router with a static

eth0 for snort box is on the local lan  behind the
ethernet router.

has anyone found a good setup howto for
rh8/snort/mysql???  i read the 7.3 even though that i
used the snort-mysql.x.rpm i ran into some issues
where my acid console was not picking up any traffic
or the sensor.

all access to the mysql was setup following the steps
of the howto also permissions to directories were
correct.


Message: 7
From: "Paul D. Shaffer" <paulshaf at ...741...>
To: "'Joseph Turley'" <syprinth at ...131...>,
	<snort-users at lists.sourceforge.net>
Subject: RE: [Snort-users] Snort and acidcenter
Date: Tue, 31 Dec 2002 15:56:06 -0700

Joe,

As long as the hub is truly a "hub" and not one of those dual-speed
types that actually "switches" between the 10/100 fabric, you only need
to snort on one interface.  You will however have to expand your
HOME_NET variable to cover the address space you're using.

You can run ACID from anywhere as long as you setup access to/from the
database and from the sensor box, if they are not all three one and the
same.  If your hardware is recent and has the capacity/horsepower,
there's no reason you can't run everything on one box.  For a home net,
even older hardware would probably be sufficient to support an
all-in-one solution.

Hope that helps...

Paul 


=====

Rigoberto De La Portilla   -=[MCSE, WCSP]=-
http://cb0.net/~rigo
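
The HOME_NET point from the quoted reply, as an added example that is not part of the original thread: a small check that reads the `var HOME_NET` line of a snort.conf and lists monitored hosts it does not cover. The config fragment, host names and addresses are constructed, and the parser assumes HOME_NET is either `any` or a plain list of CIDR blocks.

```python
import ipaddress
import re

# Constructed snort.conf fragment: HOME_NET lists only the internal LAN.
SNORT_CONF = """\
# network variables
var HOME_NET [192.168.1.0/24]
var EXTERNAL_NET !$HOME_NET
"""

# Constructed hosts: two on the public block at the hub, one on the LAN.
MONITORED = {
    "honeypot": "203.0.113.2",
    "router-wan": "203.0.113.3",
    "lan-workstation": "192.168.1.20",
}


def parse_home_net(conf_text):
    """Return HOME_NET as a list of networks, or None when it is 'any'."""
    m = re.search(r"^\s*var\s+HOME_NET\s+(\S.*?)\s*$", conf_text, re.M)
    if not m:
        raise ValueError("no 'var HOME_NET' line found")
    value = m.group(1)
    if value.lower() == "any":
        return None
    items = [i.strip() for i in value.strip("[]").split(",")]
    return [ipaddress.ip_network(i, strict=False) for i in items if i]


def uncovered_hosts(conf_text, hosts):
    """Names of hosts whose address falls outside every HOME_NET block."""
    nets = parse_home_net(conf_text)
    if nets is None:  # 'any' covers everything
        return []
    return sorted(
        name for name, ip in hosts.items()
        if not any(ipaddress.ip_address(ip) in net for net in nets)
    )


if __name__ == "__main__":
    for name in uncovered_hosts(SNORT_CONF, MONITORED):
        print(f"{name} ({MONITORED[name]}) is outside HOME_NET")
```
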

