[Snort-users] Snort Sensor Placement Outside Firewall

David Alonso De La Vega Tapage delavegad at ...7768...
Wed Jun 25 09:08:21 EDT 2003


Hi Rich ..

David from Panamá ..

Ok ..  I have this setup on my net ..  check it ..

1. Mi Linux Box is RH 7.3 ( soon RH 9)  with 20 GB hard disk.  
2. 512 on swaping
3. 512 MB RAM
4. 1.8 ghz processor
5. Snort 2.0 + mysql +acid
6. 2 nics  ( one for manage ) 3 Com for snort.
7. strike cables cat 5 to conect your box in a hub ( or switch with 
mirror port )

My snort funciton perfect .. !   I hope that is teh right information 
for you .. !

Cheers ..


Rich Lichvar wrote:

> I know this is a bit off-topic, but I need some advice/help and would 
> like to tap the experience of those who probably have successfully 
> done what we are thinking of doing.
>  
> We are thinking of putting a Snort-based sensor outside our firewall 
> in the Untrusted zone. (This is after the border/edge/gateway router 
> which is controlled by our hosting facility and not us.) I was 
> wondering if any of you had any advice about:
>  
> 1. OS: Linux? Hardened how? What system capacity (RAM, hard 
> drive) might be required?
> 2. Cabling setup: Internet Cat 5 cable to hub and cable from hub to 
> sensor and cable from hub to Untrusted port of firewall? (I've tried 
> this in the past and had problems with traffic even getting to the 
> firewall. Maybe a crossover cable is needed?)
>  
> Many thanks in advance for any advice/experience you would offer.
>  
> Richard L. Lichvar
> Director, Operations
> Knowledge Resource Center, Inc.
> Phone: 703-848-2100 x228
> Fax: 703-848-4747
> Mobile: 571-221-3430
>  
>
>------------------------------------------------------------------------
>
>****** Message from InterScan E-Mail VirusWall NT ******
>
>** No virus found in attached file noname.htm
>
>Este correo ha sido revisado y esta libre de virus. Disclaimer
>*****************     End of message     ***************
>
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030625/a7236d9e/attachment.html>


More information about the Snort-users mailing list