[Snort-users] Advice on Snort Inline

Joel Esler joel.esler at ...1935...
Fri Sep 8 08:19:08 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark,

Thanks for emailing the list.

3 nics is the the way you want to go, one nic in, one nic out.  There
are some configuration guides to Snort inline out there (try the Snort
manual, it's a good starting point), all you have to do is basically
have iptables forward everything to "QUEUE" then Snort reads from that
QUEUE.

Fedora Core 5 will work just fine, just make sure you are running the
bare minimum of services on it, as you want your Snort box to be as fast
as possible for inline mode.

Joel


Mark Rohrbeck wrote:
> Hi all, 
> 
> I have 2 IDS systems in place and tuned to their specific networks, the next
> step I want to take is running them with Snort_inline. I am just a little
> unsure on how to do this. I would prefer to use Fedora Core 5 as the OS but
> open to suggestions. I mainly want to find out if I can run Snort_inline on
> one box? 
> 
> The networks are pretty small with 10 - 50 XP PC's and server 2003 / 2000,
> we run Sonicwall firewalls and I have the Sensors behind the firewall. The
> picture I have in my mind is having 3 nics in the machine, 1 for Admin and
> the other 2 for Snort inline. Am I heading in the right direction here?
> 
> Any advice / help GREATLY appreciated.
> 
> Marklar
> 
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 

- --
+---------------------------------------------------------------------+
Joel Esler  	     Senior Security Consultant 	1-706-627-2101
Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
GPG Key http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFAV+8KbCSyXHckt4RAtAMAJ0RWtolCzv36akSi7Bl718lzQYZ/gCff7vj
uRV7WlqdNeI/iiJrRADzrvY=
=Zl/J
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list