I had the same problem so I created a bridged / firewall / IDS
I just got a box with 2 interfaces on it INTERNET -- SNORT BOX -- SWITCH -- NETWORK There are plenty of how-tos on setting up a bridge plus no one can see the snort sensor... -------------- Brian Carpio CSG Systems Inc. Open Systems Unix System Admin x3317 -------------- On Tue, 19 Mar 2002, [C] Teodorski, Chris wrote: > How would I do this, I am only given one IP address by my DSL provider. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Sunday, March 17, 2002 6:18 AM > To: Garbrecht, Frederick; Security-Basics (E-mail) > Subject: RE: Any comments on using SNORT > > > The better way to run snort would be to place the snort machine between your > dsl modems 10baseT port and your linksys wan port by using a hub or > splitter. Make darn sure the snort box doesn't have any open ports and is > hardened, because it's basically open to the internet. > > The really smart thing would be also set up snort inside your private > address range and then you can compare lods and see just what stuff your > linksys is bit-bucketing AND you can see what got through.. (and how that > happens is a different thread) > > DO NOT in any way use passwords or userids on the snort that you use on the > private address range. > > D. Weiss > CCNA/MCSE/SSP2 > > -----Original Message----- > From: Garbrecht, Frederick [mailto:[EMAIL PROTECTED]] > Sent: Thursday, March 14, 2002 11:02 PM > To: Security-Basics (E-mail) > Subject: RE: Any comments on using SNORT > > > You may not actually be able to do this. Some of the Linksys multiport > routers use switched ports (the one I have does). Check your router > documentation to be sure. If it's a switch, it's not going to be very > interesting to run snort that way because it will only see traffic through > that specific port. I've goofed around trying to put a hub in between but > have never been successful (but never tried too hard either). Perhaps if > you put a cheap Linksys 4 port hub on one of the switch ports, and then used > the hub ports for your snort box and other machines it might work. > Regards, > Fred > -----Original Message----- > From: Bejon Parsinia [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, March 13, 2002 12:36 PM > To: '[C] Teodorski, Chris'; 'dewt'; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: RE: Any comments on using SNORT > > > Yes, snort can be configured on one of the open ports of the router. Most > likely the router's ports act as an unintelligent hub so all should be fine. > > Good luck, > > Bejon > > -----Original Message----- > From: [C] Teodorski, Chris [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, March 12, 2002 10:11 AM > To: 'dewt'; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: RE: Any comments on using SNORT > > > I have a Linksys DSL/Cable 4 port router.......can I setup snort....and will > it provide any useful info? > > -----Original Message----- > From: dewt [mailto:[EMAIL PROTECTED]] > Sent: Monday, March 11, 2002 8:24 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: Any comments on using SNORT > > > snort is awesome, i've only tried it on linux systems, so i cant comment on > that part of your question. for better log parsing, i reccommend using > snortsnarf from http://www.silicondefense.com/software/snortsnarf/ and the > snort_stat script sometimes available from http://xanadu.incident.org/snort/ > but it's down a lot and may have moved > On Saturday 09 March 2002 06:25 pm, Gregory Pipkins wrote: > > Hello, > > > > I am looking a broading my knowledge of using different types of IDS > > programs. Snort seems like a good open source program. > > > > http://www.snort.org > > > > Does anyone have any comments about using Snort on their systems? > > > > Looking for comments also toward running SNORT on a Windows based > > system vs Unix/Linux systems. > > > > Thanks for your time. > > > > Gregory Pipkins > > > > ------------------------------------------------ > > Defend Your Domain! Stop Losing Profits! > > Discover one simple technique that can multiply > > the success rate of all your marketing efforts! > > http://einsiders.gregorypipkins.com > > ------------------------------------------------ > > > > _________________________________________________________ > > Do You Yahoo!? > > Get your free @yahoo.com address at http://mail.yahoo.com >
