[Snort-users] snort question

Ballard, Sean (HHS/OS) Sean.Ballard at ...12985...
Fri Feb 18 12:37:39 EST 2005


To play devil's advocate to that response, getting a list of attacks being
thrown at you via your internet NID is a great way to get the powers that be
to loosen up some budget money for your security initiatives. Plus it is
also good to know internet attack trends that hit your address space. My
view is get as much information as you can from all sources you can.


-----Original Message-----
From: Harper, Patrick [mailto:Patrick.Harper at ...11593...] 
Sent: Friday, February 18, 2005 3:26 PM
To: Blair Woodmansee; Jason Warren; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] snort question

I think we are saying the same thing.  I was talking internal firewall
interface and core switch :) 

-----Original Message-----
From: Blair Woodmansee [mailto:Blair at ...13053...] 
Sent: Friday, February 18, 2005 2:20 PM
To: Harper, Patrick; Jason Warren; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] snort question


I prefer to set mine up in between my firewall and my LAN.  This way you
are gaining information on only traffic that has made it through the
filtering.  No sense gathering information on attacks that your firewall
can stop.
Blair Woodmansee MCSE, CCNA
System Administrator
Calcasieu Parish Public Library
(337) 437-3484 ext. 19
(337) 437-3652 Fax
 
 
"The single biggest problem in communication is the illusion that it has
taken place"    George Bernard Shaw
-----Original Message-----
From: Harper, Patrick [mailto:Patrick.Harper at ...11593...] 
Sent: Friday, February 18, 2005 2:00 PM
To: Jason Warren; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] snort question

You are going to get a lot of answers.  

I like an inline tap between the switch and the router.  In my opinion
you see the most amount of relevant data that way.  You will also want
to make sure that you tune your rules well to get rid of noise that makes
no difference to you or you will get tired of looking at the IDS real
fast.

Just my .02

-----Original Message-----
From: Jason Warren [mailto:jason at ...13052...] 
Sent: Friday, February 18, 2005 1:48 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] snort question

Curious on where snort would do its job better.


t1 - switch - web server
              dns server
              firewall - LAN

Should I put snort on a box that has its own IP or on my LAN behind the 
firewall?

thanks!


jason warren


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure,
dissemination, use or reproduction is strictly prohibited. If you have
received this message in error, please delete it and notify the sender
immediately. 




