
[Snort-users] SNORT sensor on FreeBSD Bridged IPFW Firewall!

Subject: [Snort-users] SNORT sensor on FreeBSD Bridged IPFW Firewall!
Date: Tue, 16 Jan 2007 11:08:08 -0000
Hi Group
 
I have just finished setting up a snort console box with two snort sensors
running on FreeBSD and all seems to be working perfectly!
 
However I would be grateful if somebody would be able to help me with one
question:
 
Firstly here is a quick rundown of my LAN.
 
I have a FreeBSD-6.0 bridged firewall with three interfaces. The first two
are configured in a bridge (passed through IPFW) with no IP addresses and
the third is a management interface with one public IP Assigned. 
 
One side of the bridge connects into a DSL router and the other side &
management interface connect into a HUB (Not Switch) where various other
FreeBSD systems with public IPs sit:
 
1]    POSTFIX SMTP
2]    PRIMARY DNS 
3]    SNORT CONSOLE
4]    NATD SERVER
 
I currently have two sensors running on both sides of the NATD Server
which log traffic both on my private LAN and firewalled public side; this
works perfectly, however it's only providing me information on my trusted
network and I still have no idea what's happening on the untrusted side.
 
So this leads me onto my question:
 
Is it possible to install a SNORT sensor on the internet facing interface of
my FreeBSD Bridge and if I did would it capture packets before they are
passed through IPFW? Or, as I suspect would it be better if I install a TAP
between my router and the internet facing interface?
 
Hope somebody can help & many thanks in advance.
 
Regards
Athena
 
 
 