[Snort-users] IDS and HoneyPot placement in LAN

Quentin Ducas quentin.h4c at ...11827...
Wed Jun 16 11:26:38 EDT 2010

I apologize for the newbie question, but what is the best placement for the
IDS and the HoneyPot in the LAN?

I want to monitor a HoneyPot with the IDS (snort) [u]without[/u] monitoring
the complete LAN. Want to monitor just one machine.
What should be the best placement for HoneyPot and IDS for this situation.
The HoneyPot is a so called 'research-honeypot' so it is not used for

Do I have to place the HoneyPot and the IDS in a DMZ?
Or is it better to place the IDS between modem and router, and the HoneyPot
in a DMZ?
Or is it not necessary to have a DMZ and can I place the HoneyPot between
modem and Router and the IDS in the LAN?
Do I need a switch to make a separate network for this?
Or maybe something else?

ergo: What is the best placement for both systems?

Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100616/31f3fab6/attachment.html>

More information about the Snort-users mailing list