[Snort-users] Deployment

CunningPike cunningpike at ...11827...
Tue Sep 9 15:34:20 EDT 2008


Hi Steffan,

Depending on the horsepower of that server, and the amount of traffic
you will be monitoring, it _may_ be feasible. However, on our 10Mb link,
dual 3.4GHz Xeons with 4GB of RAM spends all its time running our NSM.

Also, remember that snort by itself won't _protect_ anything (unless you
run it inline, I suppose) and, even when set up that what, its ability
to protect the host its actually running on may be limited (others will
quickly point out if I'm talking bollocks here).

A better solution is to run snort on its own machine, monitoring on a
NIC with no IP address and being managed on another NIC with an IP
address that's unreachable from the Internet. Then you can use the other
box for everything else - a web server, even a busy one, arguably uses
less of a machine that snort monitoring a busy link.

CP

On Mon, 2008-09-08 at 06:39 -0700, Steffan A. Cline wrote:
> I have 2 - 1u servers available to me. Is it possible for one of them to
> serve dual purpose meaning that it can still do web and all while providing
> protection for itself and the other server? Both have dual ethernet.
> 
> 
> Thanks
> 
> Steffan
> 
> ---------------------------------------------------------------
> T E L  6 0 2 . 7 9 3 . 0 0 1 4 | F A X  6 0 2 . 9 7 1 . 1 6 9 4
> Steffan A. Cline  
> Steffan at ...14411...                             Phoenix, Az
> http://www.ExecuChoice.net                                  USA
> AIM : SteffanC          ICQ : 57234309
> YAHOO : Steffan_Cline   MSN : steffan at ...14410...
> GOOGLE: Steffan.Cline             Lasso Partner Alliance Member
> ---------------------------------------------------------------
> 
> 
> 
> 
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list