RE: Any comments on using SNORT

From: David@cawdgw.net
Date: 03/17/02


From: <David@cawdgw.net>
To: "Garbrecht, Frederick" <FGarbrecht@ecogchair.org>, "Security-Basics (E-mail)" <security-basics@securityfocus.com>
Date: Sun, 17 Mar 2002 12:17:51 +0100

The better way to run snort would be to place the snort machine between your
dsl modem's 10baseT port and your linksys wan port by using a hub or
splitter. Make darn sure the snort box doesn't have any open ports and is
hardened, because it's basically open to the internet.

The really smart thing would be to also set up snort inside your private
address range and then you can compare logs and see just what stuff your
linksys is bit-bucketing AND you can see what got through.. (and how that
happens is a different thread)

DO NOT in any way use passwords or userids on the snort that you use on the
private address range.

D. Weiss
CCNA/MCSE/SSP2

-----Original Message-----
From: Garbrecht, Frederick [mailto:FGarbrecht@ecogchair.org]
Sent: Thursday, March 14, 2002 11:02 PM
To: Security-Basics (E-mail)
Subject: RE: Any comments on using SNORT

You may not actually be able to do this. Some of the Linksys multiport
routers use switched ports (the one I have does). Check your router
documentation to be sure. If it's a switch, it's not going to be very
interesting to run snort that way because it will only see traffic through
that specific port. I've goofed around trying to put a hub in between but
have never been successful (but never tried too hard either). Perhaps if
you put a cheap Linksys 4 port hub on one of the switch ports, and then used
the hub ports for your snort box and other machines it might work.

Regards,
Fred

-----Original Message-----
From: Bejon Parsinia [mailto:bejon@supertel.com]
Sent: Wednesday, March 13, 2002 12:36 PM
To: '[C] Teodorski, Chris'; 'dewt'; gregpip@gregorypipkins.com;
security-basics@securityfocus.com
Subject: RE: Any comments on using SNORT

Yes, snort can be configured on one of the open ports of the router. Most
likely the router's ports act as an unintelligent hub so all should be fine.

Good luck,

Bejon

-----Original Message-----
From: [C] Teodorski, Chris [mailto:cteodorski@ppg.com]
Sent: Tuesday, March 12, 2002 10:11 AM
To: 'dewt'; gregpip@gregorypipkins.com;
security-basics@securityfocus.com
Subject: RE: Any comments on using SNORT

I have a Linksys DSL/Cable 4 port router.......can I set up snort....and will
it provide any useful info?

-----Original Message-----
From: dewt [mailto:dewt@kc.rr.com]
Sent: Monday, March 11, 2002 8:24 PM
To: gregpip@gregorypipkins.com; security-basics@securityfocus.com
Subject: Re: Any comments on using SNORT

snort is awesome, i've only tried it on linux systems, so i can't comment on
that part of your question. for better log parsing, i recommend using
snortsnarf from http://www.silicondefense.com/software/snortsnarf/ and the
snort_stat script sometimes available from http://xanadu.incident.org/snort/
but it's down a lot and may have moved

On Saturday 09 March 2002 06:25 pm, Gregory Pipkins wrote:
> Hello,
>
> I am looking at broadening my knowledge of using different types of IDS
> programs. Snort seems like a good open source program.
>
> http://www.snort.org
>
> Does anyone have any comments about using Snort on their systems?
>
> Looking for comments also toward running SNORT on a Windows based
> system vs Unix/Linux systems.
>
> Thanks for your time.
>
> Gregory Pipkins

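The outside/inside log comparison suggested in the top reply, as an added example that is not part of the original thread: it matches alerts from a sensor in front of the router against alerts from a sensor on the private range to list what the router dropped and what got through. It assumes both sensors run the same rules and write Snort's "fast" alert format, and that the router keeps the destination port when it forwards; the log lines, rule IDs and addresses are constructed.

```python
import re
from collections import Counter

# Snort "fast" alert line:
#   timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>\d+:\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+"
    r"[\d.]+(?::(?P<dport>\d+))?"
)

def parse_alerts(log_text):
    """Count alerts keyed by (gid:sid, message, proto, source IP, dest port).

    The destination address is left out of the key on purpose: the router
    rewrites it (NAT), so it differs between the two sensors.
    """
    seen = Counter()
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m:  # ICMP alerts carry no ports, so dport falls back to "-"
            key = (m["sid"], m["msg"], m["proto"], m["src"], m["dport"] or "-")
            seen[key] += 1
    return seen

def compare(outside_log, inside_log):
    """Return (dropped, passed): keys seen only outside vs. on both sensors."""
    outside, inside = parse_alerts(outside_log), parse_alerts(inside_log)
    dropped = sorted(k for k in outside if k not in inside)
    passed = sorted(k for k in outside if k in inside)
    return dropped, passed

# Constructed sample logs (documentation address ranges, made-up local SIDs).
OUTSIDE = """\
03/17-12:01:10.104921  [**] [1:1000001:1] EXAMPLE inbound HTTP probe [**] [Priority: 2] {TCP} 203.0.113.5:3412 -> 198.51.100.20:80
03/17-12:01:44.550210  [**] [1:1000002:1] EXAMPLE NetBIOS scan [**] [Priority: 2] {TCP} 203.0.113.77:2201 -> 198.51.100.20:139
03/17-12:02:03.000871  [**] [1:1000003:1] EXAMPLE ICMP sweep [**] [Priority: 3] {ICMP} 203.0.113.9 -> 198.51.100.20
"""
INSIDE = """\
03/17-12:01:10.105377  [**] [1:1000001:1] EXAMPLE inbound HTTP probe [**] [Priority: 2] {TCP} 203.0.113.5:3412 -> 192.168.1.10:80
"""

if __name__ == "__main__":
    dropped, passed = compare(OUTSIDE, INSIDE)
    for label, keys in (("dropped by router", dropped), ("got through", passed)):
        for sid, msg, proto, src, dport in keys:
            print(f"{label:18} {sid} {msg} {proto} {src} -> port {dport}")
```
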