[Snort-users] Wanting to run Snort on DMZ

12-24-2003
Michael Thompson
 

Hello everyone.

I am a Snort newbie, and have a few questions, if you could help I
would be grateful...

I have a hardware firewall that sits on my network. Now what I want to
do is use the DMZ and pass it to Snort running on Redhat 9 to see
exactly what is hitting the router. I have Snort installed and
working in NIDS mode. Is this the correct way to have Snort set to
monitor port scans, DoS attacks, etc.?

The problem is this: the Linux box that runs Snort also hosts several
other services. It has two network cards (eth0 and eth1). eth0 is the
safe protected side of the network linked to the firewall, and eth1 is
the Snort interface. Now when I connect eth1 to the DMZ, as you would
expect, that machine bypasses the firewall and is completely open. I
asked in a newsgroup about separating the two interfaces, so that any
traffic and services are not used on eth1. To all intents and purposes
they are separate machines, and no services are exposed outside of the
LAN. I thought about using iptables to protect eth1, but would that
block Snort from listening? Or is it working at a level below
iptables?

quote
"I would think snort is checking the network stack at the kernel level
before the firewall is able to block it. If that is the case then you should
be able to safely see all activity on snort without opening the box to the
world."

If I could use iptables is there any chance anyone out there could
give me a pointer on how to set up iptables to protect eth1?


I apologise if I appear thick, learning curve is steep!
Many thanks for any help you can offer......
--

Best regards,
Michael (mike@thompsonmike.co.uk)

Top Fifty Least-Known Facts About Saddam Hussein--
Busy burning all his valentines from Osama.

http://www.thompsonmike.co.uk/
PGP KeyID := 0xA9547E32

'To see a world in a grain of sand
And heaven in a wild flower
To hold infinity in the palm of your hand
And eternity in an hour'

Using TheBat! Version 2.02.3 CE
Running On Windows XP (2600, Service Pack 1)
Sent From newsgroups
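
The following is an added example, not part of the original post or of any reply in the thread. It relies on the fact that on Linux, libpcap (which Snort captures with) receives frames before netfilter processes them, so dropping everything on the sensor NIC does not blind Snort. The interface name eth1 comes from the post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes eth1 is the sniffing-only
# NIC, as in the post. Nothing here changes the system: one function prints
# commands for review, the other audits `iptables -S` output.

# Accept only plain interface names before placing them in a command line.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# The four DROP rules for the sensor NIC, in `iptables -S` form.
required_rules() {
    printf '%s\n' "-A INPUT -i $1 -j DROP" "-A FORWARD -i $1 -j DROP" \
        "-A FORWARD -o $1 -j DROP" "-A OUTPUT -o $1 -j DROP"
}

# Print the lockdown commands. libpcap taps frames before netfilter, so Snort
# still sees traffic that these rules drop.
sensor_lockdown() {
    valid_iface "$1" || { echo "bad interface name: $1" >&2; return 2; }
    echo "ip addr flush dev $1"                        # no IP address on the sensor NIC
    echo "ip link set dev $1 up"
    echo "sysctl -w net.ipv6.conf.$1.disable_ipv6=1"   # no IPv6 link-local address
    echo "sysctl -w net.ipv4.conf.$1.arp_ignore=8"     # iptables does not filter ARP
    required_rules "$1" | sed 's/^-A \([A-Z]*\)/iptables -I \1 1/'
}

# Read `iptables -S` output on stdin and print every required rule that is
# absent. Returns 0 only when all four are present.
missing_rules() {
    valid_iface "$1" || return 2
    current=$(cat)
    absent=$(required_rules "$1" | while IFS= read -r rule; do
        printf '%s\n' "$current" | grep -qxF -e "$rule" || printf '%s\n' "$rule"
    done)
    [ -z "$absent" ] && return 0
    printf '%s\n' "$absent"
    return 1
}

# Usage on the sensor, as root, after reviewing the output:
#   sensor_lockdown eth1 | sh
#   iptables -S | missing_rules eth1
```

The audit only checks that the rules exist; because they are inserted at position 1, they take effect ahead of any ACCEPT rule already in the chain.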