RE: [Snort-users] plz help

From: Nick Duda (ndudaVistaPrint.com)
Date: Thu Jul 15 2004 - 07:52:02 CDT


More importantly would be BEHIND the firewall, not in front. You could
do it in both places but would see massive traffic before the firewall.
By putting the sensor behind the firewall you will capture traffic that
the firewall missed and all the traffic from your LAN out. I would span
the gateway port of the switch (the one that goes to the firewall) to
the port the snort sensor is on. If your switch doesn't allow for port
spanning (most Cisco Catalyst do) I would do the following:

 

Internet --> Router --> Firewall --> Hub (hang snort sensor off the hub) --> Switch --> Lan

 

- Nick

 

  _____

From: Chandana Bandara [mailto:chandanadialogsl.net]
Sent: Thursday, July 15, 2004 8:20 AM
To: Nick Duda
Cc: Snort
Subject: Re: [Snort-users] plz help

 

Thank you all who replied to me. Now I have rectified the problem with your
help and it is working. Thank you very much.

 

------------------------------------------------------------------------

 

Where should I have to locate this Snort box you all recommended? I meant
against the firewall and such.

 

internet --------> router -------> Firewall ------> switch ------> Lan.

As I have shown in this example, I would like to put this before the firewall.
Am I correct? If it is wrong, can you all guide me please?

 

########################################################################

 

When Snort receives a strange hit, how can I block it from future attacks?
Is there any documentation for rules?

 

Thank you

 

chandana

 

        ----- Original Message -----

        From: Nick Duda <mailto:ndudaVistaPrint.com>

        To: Chandana Bandara <mailto:chandanadialogsl.net> ; snort-userslists.sourceforge.net

        Sent: Wednesday, July 14, 2004 7:53 PM

        Subject: RE: [Snort-users] plz help

         

        Nessus, Retina, NMAP....etc Anything that can do massive pen
        testing will make snort go crazy. Tools like these are required in a
        security pro's toolbox

         

        
  _____

        From: snort-users-adminlists.sourceforge.net [mailto:snort-users-adminlists.sourceforge.net] On Behalf Of Chandana Bandara
        Sent: Wednesday, July 14, 2004 7:19 AM
        To: snort-userslists.sourceforge.net
        Subject: [Snort-users] plz help

         

        Hi,

        I have installed Snort perfectly on a Red Hat Linux 9 box. The ACID URL
        runs in the browser.

        I used the ping command with huge packet sizes to that Snort
        server. But there were no alerts in ACID.

        So tell me, how do I check this from other clients?

        Please help

        Thanks in advance

        chandana
