[Snort-users] Using SNORT for Internal IDS
andrew.hutchinson at ...759...
Wed Jun 25 06:25:43 EDT 2003
Sure, Snort can be used anywhere you please - internal, external, or
otherwise. You may have as many copies of snort running as you please,
on as few or as many machines as you please - it's open source and free.
When converting from 1.9 to 2.0, I even had both versions running
simultaneously on the same box with no issues.
All you need to do is customize the rules files and conf file for each
location. There's really no documentation _specifically_ about doing
this, because none is necessary.
Andrew Hutchinson - Network Security
Vanderbilt University Medical Center
From: Pankaj Gupta [mailto:pgupta at ...6502...]
Sent: Tuesday, June 24, 2003 3:17 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Using SNORT for Internal IDS
I am not sure if Snort can be used to monitor internal attacks
or intrusion activities. Also, can I use two copies of Snort (installed
on two separate servers), one to monitor the external port outside my
firewall and the other to monitor specific internal ports for signature
matches. Does anyone have any experience, inputs or documentation on
this matter? Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users