[Snort-users] plz help

Nick Duda nduda at ...10466...
Thu Jul 15 05:54:05 EDT 2004


More importantly would be BEHIND the firewall, not in front. You could
do it in both places but would see massive traffic before the firewall.
By putting the sensor behind the firewall you will capture traffic that
the firewall missed and all the traffic from your LAN out. I would span
the gateway port of the switch (the one that goes to the firewall) to
the port the snort sensor is on. If your switch doesn't allow for port
spanning (most Cisco Catalyst do) I would do the following:

 

Internet --> Router --> Firewall --> Hub (hang snort sensor off the hub) --> Switch --> LAN

 

- Nick

 

  _____  

From: Chandana Bandara [mailto:chandana at ...12108...] 
Sent: Thursday, July 15, 2004 8:20 AM
To: Nick Duda
Cc: Snort
Subject: Re: [Snort-users] plz help

 

Thanks to all of you who replied to me. Now I have rectified the problem with your help
and it is working. Thank you very much.

 

---------------------------------------------------------------------------------------

 

Where should I locate this Snort box you all recommended? I mean
in relation to the firewall and such.

 

Internet --------> Router -------> Firewall ------> Switch ------> LAN.
As I have shown in this example, I would like to put this before the firewall.
Am I correct? If it is wrong, can you all guide me please?

 

#################################################################################################################

 

When Snort receives a strange hit, how can I block it from future attacks?
Is there any documentation for rules?

 

Thank you

 

chandana  

 

	----- Original Message ----- 

	From: Nick Duda <mailto:nduda at ...10466...>  

	To: Chandana Bandara <mailto:chandana at ...12108...>  ; snort-users at lists.sourceforge.net

	Sent: Wednesday, July 14, 2004 7:53 PM

	Subject: RE: [Snort-users] plz help

	 

	Nessus, Retina, NMAP, etc. Anything that can do massive pen
	testing will make Snort go crazy. Tools like these are required in a
	security pro's toolbox.

	 

	
  _____  


	From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Chandana Bandara
	Sent: Wednesday, July 14, 2004 7:19 AM
	To: snort-users at lists.sourceforge.net
	Subject: [Snort-users] plz help

	 

	Hi,

	 

	I have installed Snort perfectly on a Red Hat Linux 9 box. The ACID URL
	runs in the browser.

	I used the ping command with huge packet sizes against that Snort
	server, but there were no alerts in ACID.

	 

	So tell me, how do I check this from other clients?

	 

	Please help

	 

	Thanks in advance

	chandana 
