LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page snort, best place in network
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-28-2004, 07:15 PM   #1
mnauta
Member
 
Registered: Apr 2003
Posts: 152

Rep: Reputation: Disabled
snort, best place in network

which place would be best to place a snort box:

1) internet router --> firewall --> eth0, snort box eth1 --> network switch -->LAN

or

2) internet router --> firewall --> network switch --> LAN with snort box

In setup one, would I also see scans from inside the LAN? Any advice / suggestions ? What would be the pros or cons from either config.

thanks
manuel
 
Old 11-29-2004, 08:47 AM   #2
monroetech
Member
 
Registered: Nov 2004
Location: Toledo, OH
Distribution: SuSE 9.2 Pro
Posts: 53

Rep: Reputation: 15
If I were you... it sounds like you have a Router and Two computers to me....

I would set up snort on eth0
you then have eth1 which the other computer connects to, correct?

If you have it set up like this....

Modem -> Router -> firewall {eth0 -> eth1} -> eth0?

{} = computer #1

I'm assuming your using twisted cable or a switch between computer one and two.....

You know your Router can act as your firewall right?
It's good to configure iptables on your first computer too if you want the extra assurance.....

Anyways, Like I have it above, Snort will view all traffic coming from computer 1 and computer 2 as well as all incomming traffic to both computers....

also snort will see any traffic, including the traffic that iptables denies.... cause it hits snort before it hits your iptables firewall.....

Hope this helps some....
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Error when starting up snort: bash:!/bin/sh/usr/local/bin/snort :Eent not found cynthia_thomas Linux - Software 1 11-11-2005 02:59 PM
Linux looks for network card in wrong place TrulyTessa Linux - Networking 4 11-02-2004 10:06 AM
Snort, Highspeed Network Packet Loss Tmor Linux - Enterprise 5 08-18-2004 03:24 PM
Where to place Snort Sensors kahpeetan Linux - Security 5 11-17-2003 06:40 PM
Network speed 10 mbps in place of 100 mbps? /su Linux - Networking 11 06-18-2003 07:11 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:50 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration