[Snort-users] Snort sensor on a Firewall

sireesha gaddipati g_siri_g at ...5176...
Mon May 5 11:20:12 EDT 2003


Hi, I actually want to place snort sensor on the same machine as firewall. My firewall has two interfaces one of which is connected to internet and other to the internal network. If I place two snort sensors one on each of those interfaces will that work same as snort sensors before and after the firewall (before and after in the sense on separate linux boxes) Thanks.Sireeha

Michael Steele <mes at ...9057...> wrote:
Sireesha,

 

In short:

 

Placing Snort on the far side of the firewall will allow Snort to monitor all traffic.

 

Placing Snort on the near side of the firewall will allow Snort to detect on everything that gets past the firewall.

 -Michael
 

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of sireesha gaddipati
Sent: Monday, May 05, 2003 9:44 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort sensor on a Firewall

 

I am new to Snort. I am using snort for a class project.I have a doubt regarding placement of snort sensor. 

 

Can I place a snort sensor on a firewall and monitor all the traffic coming into internal network from the internet??? Will that be same as placing a snort sensor on a different box outside the firewall?? In brief will the snort on firewall be able to monitor all the packets before filtering them???

 

Thanks.

Sireesha

 

Catch all the cricket action. Download Yahoo! Score tracker

Catch all the cricket action. Download Yahoo! Score tracker
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030505/cdc0ec87/attachment.html>


More information about the Snort-users mailing list