I'd like to start monitoring my home DSL connection
with Snort, but am not sure which interface to watch.
Sitting behind my NetDSL modem is a RedHat Linux
system that runs PPPOE to establish a connection to
Earthlink. The interface eth1 is physically attached
to the DSL modem and ppp0 is the one that the PPPOE
software brings up for the actual connection.

When I apply firewall rules, I add them against the
ppp0 interface, would I use the same one for Snort or
the eth1 physical interface? Should I place a hub on
the same connection as the DSL and add another
interface just for Snort monitoring?

Any pointers would be great.

Thanks,

=====
************************************************************
** Darren Young **
** UNIX, Network & Security Consultant **
** YHL Solutions **
** darren_youngyahoo.com **
** PGP: 6BAF 11AC D6D4 4F4F A94A C5AC 5926 5FC1 8A9F CC6D **
************************************************************

__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]