Just take this link here: http://www.entropy.ie/research/snort4-latest.pdf

They have a nice explanation of how to set up an IDS system using Snort and ACID on Linux. They are using Red Hat as the example, but I built it on my Mandrake 8.1.

Example here: http://JAMy.homelinux.org/
or directly: http://JAMy.homelinux.org/acid/acid_main.php

If you have any questions about this, just email me.

Kind regards,

Marko Muncan
__________________________________________
arxes Network Communication Consulting AG
Schanzenstraße 36
Gebäude 197
D-51063 Köln
Phone: +49 (0) 221 96486 - 268
Fax: +49 (0) 221 96486 -
WEB: http://www.arxes.de
MailTo: [EMAIL PROTECTED]

From: "Naman Latif" <naman.latif@inamed.com>
To: <[EMAIL PROTECTED]>
Cc:
Subject: Setting up an IDS system
Date: 31.01.2003 18:34

Hi,

I am in the process of setting up an IDS system using Linux\Snort in DMZ. A couple of questions regarding this:

1. Is it a safe practice to have access to this system from Inside Network (for retrieving log files etc.) from 1-2 Stations? Of course IDS won't have access to inside network and be blocked by Firewall.
2. What kind of services should be running on IDS Station? Should all Web\FTP etc. services be stopped?
3. How important is it to also have an IDS system monitoring the traffic on your Inside Network? I believe it won't be a good idea to have the SAME DMZ IDS system with another NIC monitoring Inside Network Traffic?

Any other suggestions OR any links that I can refer to?

Regards
\\ Naman