From: Ingersoll, Jared (JIngersollcswv.com)
Date: Fri Jun 08 2001 - 08:13:37 CDT


    You guessed it, a second card. In order to have IDS work properly, you need
    one interface with no IP configured which will collect all packets, and then
    another interface configured with an IP attached connected to a DMZ or any
    such network segment.

    Jared
    -----Original Message-----
    From: Chris Keladis [mailto:Chris.Keladiscmc.cwo.net.au]
    Sent: Thursday, June 07, 2001 7:12 PM
    To: FOCUS-IDSsecurityfocus.com
    Subject: Retreiving information from IDS..

    Hi everyone,

    I'll soon be looking into a Snort rollout, and reading the various
    groups for information.

    Something I haven't been able to find an answer for yet, though, is how do
    people who place IDSs, say, before a firewall, in a highly untrusted area,
    get the logs and alerts out of the system? (assuming the machine is
    configured without an IP etc etc)

    Would I need to configure a second NIC, or is there something simpler I
    can do?

    Regards,

    Chris.
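
A check for the two-interface layout described in the reply above, as an added example that is not part of the original thread. It assumes a Linux sensor and the one-line-per-address output of `ip -o addr show`; the interface names `eth0` (management) and `eth1` (capture) and both sample dumps are constructed.

```shell
#!/bin/sh
# Audit a two-NIC IDS sensor: the capture interface must carry no address
# at all, the management interface must carry at least one.
# Input is text in `ip -o addr show` format: "<idx>: <ifname> <family> <addr> ..."

# count_addrs IFACE: reads a dump on stdin, prints how many inet/inet6
# addresses are bound to IFACE (interfaces with none do not appear at all).
count_addrs() {
    awk -v ifc="$1" \
        '$2 == ifc && ($3 == "inet" || $3 == "inet6") { n++ } END { print n + 0 }'
}

# audit_sensor CAPTURE_IF MGMT_IF DUMP: prints a verdict, returns 0 only
# when the layout matches the one described in the reply.
audit_sensor() {
    sniff=$1; mgmt=$2; dump=$3
    s=$(printf '%s\n' "$dump" | count_addrs "$sniff")
    m=$(printf '%s\n' "$dump" | count_addrs "$mgmt")
    if [ "$s" -ne 0 ]; then
        echo "FAIL: $sniff has $s address(es); capture interface must be unaddressed"
        return 1
    fi
    if [ "$m" -eq 0 ]; then
        echo "FAIL: $mgmt has no address; no path to retrieve logs and alerts"
        return 1
    fi
    echo "OK: $sniff unaddressed, $mgmt has $m address(es)"
    return 0
}

# Constructed sample: correct layout (eth1 is absent because it has no address).
GOOD_DUMP='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'

# Constructed sample: eth1 was brought up and picked up an IPv6 link-local
# address automatically, so it is no longer truly unaddressed.
BAD_DUMP="$GOOD_DUMP
3: eth1    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link"

audit_sensor eth1 eth0 "$GOOD_DUMP"
audit_sensor eth1 eth0 "$BAD_DUMP" || true
```

On a live sensor, pass `"$(ip -o addr show)"` as the third argument. The second sample shows the common miss: an interface with no IPv4 configuration can still hold an automatically assigned IPv6 link-local address.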