HI.
At home only for didactical pourpose I've built an ADSL sensor with snort:
Iternet <---> MODEM <---pppoe---> FW <---> lan etc.
^
|
+ ----------------> SNORT
but I have to say that the alerts reported are too may to be useful...
even because many of them are blocked by firewall's rules... so this alerts
are only garbage...
Too much information = no information
For snort play this could be an interesting solution, but if you have to
monitor a real network I think this is not the best one.
Alessandro.
On Tuesday 28 March 2006 02:50, Paul Johnson wrote:
Jeremy,
Maybe Mike wants to learn about Snort by analyzing the traffic on his
ADSL connection.
Paul
On 25/03/06, Gaddis, Jeremy L. <jeremy@linuxwiz.net> wrote:
Mike Gilligan wrote:
I have a Netscreen 5GT ADSL FW at my home with two interfaces - inside
and outside. I do have a basic set of IDS sigs on the Netscreen but I
would like to set up a Snort sensor outside the Firewall to look at
unblocked alerts. However, I only have an RJ11 telephone cable to my
ADSL port on the Netscreen and no where to plug in a Snort sensor. I
could plug it in on the inside but I miss a lot of the traffic already
dropped. I know that some SOHO Firewalls like the Linksys ones let you
run Snort on the box itself but this isn't an option for me. Could
anyone suggest a feasible solution?
I've seen people do similar things before, but I can never understand
why. Why do you care about everything that's being blocked? I have
enough to worry about watching the IDS for things that *DO* make it
inside the firewall, without worrying about all the crud that gets
dropped.
-j
--
Jeremy L. Gaddis
GCWN, MCP, Linux+, Network+
http://www.jeremygaddis.com/
-------------------------------------------------------------------------
-- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
-------------------------------------------------------------------------
--
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
