Re: Snort and ADSL

Mike Gilligan wrote:
> I have a Netscreen 5GT ADSL FW at my home with two interfaces - inside 
> and outside. I do have a basic set of IDS sigs on the Netscreen but I 
> would like to set up a Snort sensor outside the Firewall to look at 
> unblocked alerts. However, I only have an RJ11 telephone cable to my 
> ADSL port on the Netscreen and no where to plug in a Snort sensor. I 
> could plug it in on the inside but I miss a lot of the traffic already 
> dropped. I know that some SOHO Firewalls like the Linksys ones let you 
> run Snort on the box itself but this isn't an option for me. Could 
> anyone suggest a feasible solution?

I've seen people do similar things before, but I can never understand 
why.  Why do you care about everything that's being blocked?  I have 
enough to worry about watching the IDS for things that *DO* make it 
inside the firewall, without worrying about all the crud that gets dropped.

-j

--
Jeremy L. Gaddis
GCWN, MCP, Linux+, Network+
http://www.jeremygaddis.com/

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------