Re: IDS on an internal server

From: Joe Lyman (
Date: 08/15/01

Message-Id: <>
Date: Wed, 15 Aug 2001 14:50:01 -0700
From: "Joe Lyman" <>
To: <>, <>
Subject: Re: IDS on an internal server

We ran the same thing on a Linux box behind our router with no problems. I would recommend using a one-way sniffer cable, which can be easily constructed (5 min). See

The one-way cable gives almost unbreachable security for your IDS on that NIC.

The page isn't too specific about the capacitor. I'm using a 100mF 16v capacitor for my 10MB connection and it works fine. A smaller one would work for 100MB, perhaps a 47mF.

-Joseph Lyman
Graphic Products, Inc.
503-644-5572 ex 5662
800-788-5572 Toll Free

>>> Aaron Dokey <> 08/15/01 10:44AM >>>
I have a win2k box on my trusted internal network that processes logs,
monitors other machines, etc... I would like to put a NIC in this machine
with no bindings to any protocol or service for the sole purpose of putting
snort right behind our internet router. I don't see any security
implications as long as no protocols or services are bound to the interface
but I'd like to double check. Any complications that I am missing? Anyone
have a similar configuration?

Thank you,
Aaron Dokey
