[Snort-users] Multiple instances of Snort

Micheal Cottingham micheal.cottingham at ...12474...
Fri Sep 24 09:00:01 EDT 2004


In short, here's what I'd like to do:

I am a security technician for a college, and the college runs a public 
cyber cafe. We also offer wireless access. One of the problems is that 
there is little auditing in place for the wireless users. I'd like to 
setup IAS (I have to use Windows, otherwise I'd use freeradius.org), but 
there is no "nice" frontend for IAS. I'm thinking I could use MySQL and 
PHP and exec() IAS's command line options since IAS does not yet have 
scripting support. Here's where Snort would come in. Snort would log the 
packets coming to and from a user, and if something fires a filter in 
Snort, it would alert the cyber cafe monitor, and based on the 
severity/number of alerts for the user, the cyber cafe monitor could 
kill the session for the user. So, I'd like to fork Snort for each user. 
I don't expect more than say 5 wireless users at a time, but of course 
the more that I can get the application and Snort to scale, the better. 
My question is how well would Snort handle in such an environment with 
regards to resources, or is something like this even possible currently? 
Thanks.

_____________________________________
Micheal Cottingham, Comptia A+
micheal.cottingham at ...12474...
1-434-949-1078





More information about the Snort-users mailing list