[Snort-users] Using SNORT for Internal IDS

Hutchinson, Andrew andrew.hutchinson at ...759...
Wed Jun 25 06:25:43 EDT 2003

Sure, Snort can be used anywhere you please - internal, external, or
otherwise.  You may have as many copies of snort running as you please,
on as few or as many machines as you please - it's open source and free.
When converting from 1.9 to 2.0, I even had both versions running
simultaneously on the same box with no issues.
All you need to do is customize the rules files and conf file for each
location.  There's really no documentation _specifically_ about doing
this, because none is necessary.   
Andrew Hutchinson - Network Security
Vanderbilt University Medical Center
(615) 936-2856

	-----Original Message-----
	From: Pankaj Gupta [mailto:pgupta at ...6502...] 
	Sent: Tuesday, June 24, 2003 3:17 PM
	To: snort-users at lists.sourceforge.net
	Subject: [Snort-users] Using SNORT for Internal IDS
	I am not sure if Snort can be used to monitor internal attacks
or intrusion activities. Also, can I use two copies of Snort (installed
on two separate servers), one to monitor the external port outside my
firewall and the other to monitor specific internal ports for signature
matches. Does anyone have any experience, inputs or documentation on
this matter? Thanks.
	Pankaj Gupta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030625/288be01d/attachment.html>

More information about the Snort-users mailing list