dup-to to 3rd interface for snort

2003-09-10 Thread Aaron Wade
Hi all, I have a 3.3 based firewall, and I am looking at deploying snort on a 3rd interface. It seems like dup-to is the best option for this, but I have a few questions as to how it works. How does dup-to work with scrub? If scrub is reassembling packets, how could the IDS

Re: dup-to to 3rd interface for snort

2003-09-10 Thread Chris Reining
Why don't you just run a chrooted snort on $ext_if?
Chris
On Wed, Sep 10, 2003 at 09:25:37AM -0400, Aaron Wade wrote:
> Hi all,
> I have a 3.3 based firewall, and I am looking at deploying snort on a 3rd
> interface. It seems like dup-to is the best option for this, but I have a
> few qu

Re: dup-to to 3rd interface for snort

2003-09-10 Thread Can Erkin Acar
On Wed, Sep 10, 2003 at 10:50:24AM -0500, Chris Reining wrote:
> Why don't you just run a chrooted snort on $ext_if?
choose one:
a. machines running snort usually have much higher requirements (disk space, cpu, connection to a database?)
b. complex processes/services on a firewall is a bad thi