The better way to run snort would be to place the snort machine between your dsl modems 10baseT port and your linksys wan port by using a hub or splitter. Make darn sure the snort box doesn't have any open ports and is hardened, because it's basically open to the internet.
The really smart thing would be also set up snort inside your private address range and then you can compare lods and see just what stuff your linksys is bit-bucketing AND you can see what got through.. (and how that happens is a different thread) DO NOT in any way use passwords or userids on the snort that you use on the private address range. D. Weiss CCNA/MCSE/SSP2 -----Original Message----- From: Garbrecht, Frederick [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 14, 2002 11:02 PM To: Security-Basics (E-mail) Subject: RE: Any comments on using SNORT You may not actually be able to do this. Some of the Linksys multiport routers use switched ports (the one I have does). Check your router documentation to be sure. If it's a switch, it's not going to be very interesting to run snort that way because it will only see traffic through that specific port. I've goofed around trying to put a hub in between but have never been successful (but never tried too hard either). Perhaps if you put a cheap Linksys 4 port hub on one of the switch ports, and then used the hub ports for your snort box and other machines it might work. Regards, Fred -----Original Message----- From: Bejon Parsinia [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 13, 2002 12:36 PM To: '[C] Teodorski, Chris'; 'dewt'; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Any comments on using SNORT Yes, snort can be configured on one of the open ports of the router. Most likely the router's ports act as an unintelligent hub so all should be fine. Good luck, Bejon -----Original Message----- From: [C] Teodorski, Chris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 12, 2002 10:11 AM To: 'dewt'; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Any comments on using SNORT I have a Linksys DSL/Cable 4 port router.......can I setup snort....and will it provide any useful info? -----Original Message----- From: dewt [mailto:[EMAIL PROTECTED]] Sent: Monday, March 11, 2002 8:24 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Any comments on using SNORT snort is awesome, i've only tried it on linux systems, so i cant comment on that part of your question. for better log parsing, i reccommend using snortsnarf from http://www.silicondefense.com/software/snortsnarf/ and the snort_stat script sometimes available from http://xanadu.incident.org/snort/ but it's down a lot and may have moved On Saturday 09 March 2002 06:25 pm, Gregory Pipkins wrote: > Hello, > > I am looking a broading my knowledge of using different types of IDS > programs. Snort seems like a good open source program. > > http://www.snort.org > > Does anyone have any comments about using Snort on their systems? > > Looking for comments also toward running SNORT on a Windows based > system vs Unix/Linux systems. > > Thanks for your time. > > Gregory Pipkins > > ------------------------------------------------ > Defend Your Domain! Stop Losing Profits! > Discover one simple technique that can multiply > the success rate of all your marketing efforts! > http://einsiders.gregorypipkins.com > ------------------------------------------------ > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com
