[Snort-users] snort question

Harper, Patrick Patrick.Harper at ...11593...
Fri Feb 18 12:00:46 EST 2005


You are going to get a lot of answers.  

I like an inline tap between the switch an the router.  In my opinion
you see the most amount of relevant data that way.  You will also want
to make sure that you tune your rules well to et rid of noise that makes
no difference to you or you will get tired of looking a the IDS real
fast.

Just my .02

-----Original Message-----
From: Jason Warren [mailto:jason at ...13052...] 
Sent: Friday, February 18, 2005 1:48 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] snort question

Curious on where snort would do its job better.


t1 - switch - web server
	      dns server
               firewall - LAN

should i put snort on a box that has its own IP or on my LAN behind the 
firewall?

thanks!


jason warren


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. 







More information about the Snort-users mailing list