Snort sensor placement
From: Brian Carvalho (brian.carvalho@verizon.net)Date: 09/21/01
- Previous message: Jose Nazario: "Re: Fragrouter and linux 2.4"
- Next in thread: Pedro Ortale Neto: "Re: Snort sensor placement"
- Reply: Pedro Ortale Neto: "Re: Snort sensor placement"
- Reply: Stuart Staniford: "Re: Snort sensor placement"
- Reply: Dave Vehrs: "RE: Snort sensor placement"
- Reply: Lee Binette: "Re: Snort sensor placement"
- Reply: JSeddon@semtech.com: "Re: Snort sensor placement"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <002d01c14232$03c7ac60$1993c7c6@herzog.com> From: "Brian Carvalho" <brian.carvalho@verizon.net> To: <focus-ids@securityfocus.com> Subject: Snort sensor placement Date: Thu, 20 Sep 2001 20:11:51 -0400
I'd like to use a dedicated machine running Snort to monitor
a server. I do not want to listen to all the traffic on the wire,
just the traffic hitting my host.
Should I connect the server and Snort box to its own hub
and then connect that hub where the server used to be?
This way the Snort box would only see the server..
Am I going about this the wrong way? Any other ways?
- Previous message: Jose Nazario: "Re: Fragrouter and linux 2.4"
- Next in thread: Pedro Ortale Neto: "Re: Snort sensor placement"
- Reply: Pedro Ortale Neto: "Re: Snort sensor placement"
- Reply: Stuart Staniford: "Re: Snort sensor placement"
- Reply: Dave Vehrs: "RE: Snort sensor placement"
- Reply: Lee Binette: "Re: Snort sensor placement"
- Reply: JSeddon@semtech.com: "Re: Snort sensor placement"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
