Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Ingersoll, Jared (JIngersollcswv.com)
Date: Fri Jun 08 2001 - 08:13:37 CDT
You guessed it, a second card. In order to have IDS work properly, you need
one interface with no IP configured which will collect all packets, and then
another interface configured with an ip attached connected to a DMZ or any
such network segment.
From: Chris Keladis [mailto:Chris.Keladiscmc.cwo.net.au]
Sent: Thursday, June 07, 2001 7:12 PM
Subject: Retreiving information from IDS..
I'll soon be looking into a Snort rollout, and reading the various
groups for information.
Something i havent been able to find an answer for yet though, is how do
place IDSs, say, before a firewall, in a highly untrusted area, get the
logs and alerts out
of the system? (assuming the machine is configured without an IP etc
Would i need to configure a second NIC, or is there something simpler i