[Snort-users] Best way to deploy snort

Glenn English ghe at ...14811...
Mon Apr 5 22:02:49 EDT 2010


On Apr 5, 2010, at 7:51 PM, Kum Weng Luey wrote:

> One last question: Would snort be better off being placed in the DMZ to sniff incoming traffic or within the internal LAN between the router and the firewall. 

I'm in the midst of building a Linux WAN/DMZ/LAN packet-filter/IDP/router box. I'm currently planning to run Snort on it in inline mode, with feedback (from some rules) to the packet-filter.

Inline, on the grounds that I really don't care that much if there are attacks on the net, if they aren't getting through the packet-filter (and to save a few CPU cycles).

-- 
Glenn English
ghe at ...14811...







More information about the Snort-users mailing list