I have Snort running on a Linux box off my Linksys DSL router using the DMZ
port option in the Linksys setup.  That ought to let your Snort box see
anything hitting your address.  Just make sure you have that box locked
down and/or run a firewall on it.


---------------------------------------------------------------------
Mary Anthes
[EMAIL PROTECTED]




                                                                                       
                                           
From:     brian_carpio@csgsystems.com
Date:     03/19/02 07:03 PM
To:       "[C] Teodorski, Chris" <[EMAIL PROTECTED]>
cc:       "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, "Garbrecht, Frederick" <[EMAIL PROTECTED]>, "Security-Basics (E-mail)" <[EMAIL PROTECTED]>
Subject:  RE: Any comments on using SNORT





I had the same problem so I created a bridged / firewall / IDS

I just got a box with 2 interfaces on it


INTERNET -- SNORT BOX -- SWITCH -- NETWORK


There are plenty of how-tos on setting up a bridge plus no one can see the
snort sensor...


--------------
Brian Carpio
CSG Systems Inc.
Open Systems Unix System Admin

x3317
--------------

On Tue, 19 Mar 2002, [C] Teodorski, Chris wrote:

> How would I do this, I am only given one IP address by my DSL provider.

>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, March 17, 2002 6:18 AM
> To: Garbrecht, Frederick; Security-Basics (E-mail)
> Subject: RE: Any comments on using SNORT
>
>
> The better way to run snort would be to place the snort machine between
> your DSL modem's 10baseT port and your Linksys WAN port by using a hub or
> splitter. Make darn sure the snort box doesn't have any open ports and is
> hardened, because it's basically open to the internet.
>
> The really smart thing would be to also set up snort inside your private
> address range and then you can compare logs and see just what stuff your
> Linksys is bit-bucketing AND you can see what got through.. (and how that
> happens is a different thread)
>
> DO NOT in any way use passwords or userids on the snort that you use on
> the private address range.
>
> D. Weiss
> CCNA/MCSE/SSP2
>
> -----Original Message-----
> From: Garbrecht, Frederick [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 14, 2002 11:02 PM
> To: Security-Basics (E-mail)
> Subject: RE: Any comments on using SNORT
>
>
> You may not actually be able to do this.  Some of the Linksys multiport
> routers use switched ports (the one I have does).  Check your router
> documentation to be sure.  If it's a switch, it's not going to be very
> interesting to run snort that way because it will only see traffic
> through that specific port.  I've goofed around trying to put a hub in
> between but have never been successful (but never tried too hard either).
> Perhaps if you put a cheap Linksys 4 port hub on one of the switch ports,
> and then used the hub ports for your snort box and other machines it
> might work.
> Regards,
> Fred
> -----Original Message-----
> From: Bejon Parsinia [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 13, 2002 12:36 PM
> To: '[C] Teodorski, Chris'; 'dewt'; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: RE: Any comments on using SNORT
>
>
> Yes, snort can be configured on one of the open ports of the router.
> Most likely the router's ports act as an unintelligent hub so all should
> be fine.
>
> Good luck,
>
> Bejon
>
> -----Original Message-----
> From: [C] Teodorski, Chris [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 12, 2002 10:11 AM
> To: 'dewt'; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: RE: Any comments on using SNORT
>
>
> I have a Linksys DSL/Cable 4 port router.......can I setup snort....and
> will it provide any useful info?
>
> -----Original Message-----
> From: dewt [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 11, 2002 8:24 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Any comments on using SNORT
>
>
> snort is awesome, i've only tried it on linux systems, so i can't comment
> on that part of your question. for better log parsing, i recommend using
> snortsnarf from http://www.silicondefense.com/software/snortsnarf/ and
> the snort_stat script sometimes available from
> http://xanadu.incident.org/snort/
> but it's down a lot and may have moved
> On Saturday 09 March 2002 06:25 pm, Gregory Pipkins wrote:
> > Hello,
> >
> > I am looking at broadening my knowledge of using different types of IDS
> > programs.  Snort seems like a good open source program.
> >
> > http://www.snort.org
> >
> > Does anyone have any comments about using Snort on their systems?
> >
> > Looking for comments also toward running SNORT on a Windows based
> > system vs Unix/Linux systems.
> >
> > Thanks for your time.
> >
> > Gregory Pipkins
>




