[Snort-users] Snort sensor on a Firewall

Rafeeq Rehman rafeeq.rehman at ...6488...
Mon May 5 11:24:03 EDT 2003


You can use the same machine as firewall and Snort and Snort will see all of
the traffic, provided you configure Snort to run on the public side network
interface. This is because Snort captures data before it reaches the
firewall packet filter. However it is not a good idea to combine IDS and
Firewall on the same machine.

 

Rafeeq

 

 

  _____  

From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Michael Steele
Sent: Monday, May 05, 2003 2:12 PM
To: 'sireesha gaddipati'
Cc: snort-users at lists.sourceforge.net

 

Sireesha,

 

In short:

 

Placing Snort on the far side of the firewall will allow Snort to monitor
all traffic.

 

Placing Snort on the near side of the firewall will allow Snort to detect on
everything that gets past the firewall.

 -Michael
 

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of sireesha
gaddipati
Sent: Monday, May 05, 2003 9:44 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort sensor on a Firewall

 

I am new to Snort. I am using snort for a class project.I have a doubt
regarding placement of snort sensor. 

 

Can I place a snort sensor on a firewall and monitor all the traffic coming
into internal network from the internet??? Will that be same as placing a
snort sensor on a different box outside the firewall?? In brief will the
snort on firewall be able to monitor all the packets before filtering
them???

 

Thanks.

Sireesha

 

  <http://sg.yimg.com/i/aa/icons/28/cricket.gif> Catch all the cricket
action. Download Yahoo! Score tracker
<http://in.sports.yahoo.com/cricket/tracker.html> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030505/de7ae010/attachment.html>


More information about the Snort-users mailing list