[Snort-users] Using SNORT for Internal IDS
pgupta at ...6502...
Wed Jun 25 06:10:21 EDT 2003
I am not sure if Snort can be used to monitor internal attacks or intrusion
activities. Also, can I use two copies of Snort (installed on two separate
servers), one to monitor the external port outside my firewall and the other
to monitor specific internal ports for signature matches. Does anyone have
any experience, inputs or documentation on this matter? Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users