[Snort-users] Hardware/snort config question
RoyR at ...5882...
Wed Jul 23 10:12:12 EDT 2003
First of all, HUGE thanks to Patrick S. Harper for the doc to get snort
going and some additional help!
Second. I have a logistic question on how/where to put it and configure
a few things to properly snort.
I have a /16 of real IP addresses that are assigned to a hardware FW's
external interface and NATted to the private internal 10's. The signal
comes in from the ISP to a router then to a hub then to 2 different
firewalls. One which has a single IP assigned to it for my wireless
(separate network) and another that has the balance of the /16.
The snort box is on the LAN which is all switched. How can I get all
the stuff on the switch to be snorted? I'm thinking a port mirror or
something right? Second, do I need to add a second NIC and attach to
the HUB to see all the external traffic hitting the firewalls or not?
My guess is yes or can I simply assign multiple IP's to the same nic
(I'm running RH9)
For the internal net I gave the snort box 192.168.100.0/24 to scan
that's correct right (assuming it has an address of
For external I gave it the /16 range of real ip's I have.
Thanks in advance. Please excuse this if it is "off-topic" and reply
off list if you can help.
royr at ...5882...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users