[Snort-users] IDS Topology

Demetri Mouratis dmourati at ...3877...
Fri Jan 10 08:09:03 EST 2003


On Fri, 10 Jan 2003, Saad Kadhi wrote:
> > - no steath logging ability
> why? an all-component machine doesn't necessarily imply  a  single  NIC.
> you can always throw two cards at the task and  use  one  for  detection
> while  hooking  the  other  to  a  secure  administration  network.  the
> detection/sniffing card would be setup so that it  doesn't  have  an  IP
> address.

Sorry, I was referring to more than just sniffing without an IP:

http://www.linuxjournal.com/article.php?sid=6222


> >
> > Read some of the ACID documentation for more reasons.
> in which file(s)?

Again, sorry.  Too lazy last night:

http://www.cert.org/kb/acid/

Specifically:

IV. SECURITY

Eat some carrots, they are good for you.
---------------------------------------------------------------------
Demetri Mouratis
dmourati at ...3878...





More information about the Snort-users mailing list