-
October 6th, 2001, 01:24 AM
#1
Junior Member
SNORT & NAT Routing
Anyone using a Linux box with Snort for IDS and also using a broadband gateway router, such as NetGear RT series?
Would you place the IDS on the WAN side or the LAN side of the router?
Just curious, I'm trying to find the best method of deployment.
Cheers,
Url
-
October 6th, 2001, 07:17 PM
#2
Member
Depends on your configuration....
If you have a switched network, something like this....
WAN --- Router --- Hub --- Switch --- Servers/Systems
...............................|
......................Snort System
If you have a non-switched network, install it on your hub.
Or, you can use it for firewalling and install it inline between the router and your hub/switch.
cheers
I\'m not a BOT I\'m a beer droid!
Prepare to be Assimilated.
-
October 6th, 2001, 10:18 PM
#3
Senior Member
I would place it on the inside of your router, but i'd be careful, snort doesn't work on all switched networks - you need to make sure your switch can mirror traffic. Have look at snort.org for more info.
-
October 9th, 2001, 12:43 AM
#4
Senior Member
I know on at least the SMC barricades, there is the option of setting up an inside address as the DMZ (or default computer). That is, any traffic not expressly routed elsewhere will go to that computer (which is nice for an IDS).
\"If you torture the data enough, it will confess.\" --Ronald Coase
-
October 9th, 2001, 12:52 AM
#5
Junior Member
Thank you all for the posts. I think I'm inclinded to go with the suggestion of using the DMZ, i.e., a single host that all traffic is routed through. This is where I'll put snort.
Cheers,
Url
-
October 14th, 2001, 07:35 AM
#6
Junior Member
Does Snort really work... What about Snort on a Windows box?
-
October 14th, 2001, 07:34 PM
#7
Member
Snort works very well, and is available for windows.
cheers
I\'m not a BOT I\'m a beer droid!
Prepare to be Assimilated.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|