Security Basics mailing list archives

RE: Passive Snort Setup


From: "Gould, Scott" <scott.gould () gogstats org>
Date: Fri, 20 Feb 2009 10:32:35 -0500

Are you looking to do any blocking of traffic or will this simply be a detection device?

If you are not going to do any blocking, a tap might fit the bill nicely.

Best regards,

Scott

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Daniel Hood
Sent: Friday, February 20, 2009 12:53 AM
To: security-basics () securityfocus com
Subject: Fwd: Passive Snort Setup

I think the Hogwash or snort_inline ideas look the best.

I want to manage it completely via BASE 'cause I am lazy and don't like
monitoring it any other way. If I used this same topology, where would
I set up the webserver (which interface? and I know it would need an
IP) to run BASE? And would Hogwash or snort_inline work? Or would I
need a 3rd interface used for management?

Thanks,
Daniel

