RE: Snort / Linux on floppy

From: Trey A Mujakporue <trey.trey(at)ntlworld.com>
Date: Wed Jun 25 2003 - 03:32:41 EDT

Since you are very concerend about the the security of the outside sniffer, have you considered putting 2 NIC's the the the box you are running snort on, one with an IP address (non-routable) and one without but in promiscuous mode.
This way, the NIC on the outside cant be seen.

-----Original Message-----
From: mae@ium.no [mailto:mae@ium.no]
Sent: 23 June 2003 14:16
To: focus-ids@securityfocus.com
Subject: Snort / Linux on floppy
Importance: High

I want to set up a Linux box with Snort but when I first are going to do it, I want to do it right. Is it possible to run Linux and Snort from a single floppy? I want to set up an IDS system on both sides of the firewall and am concerned about the security on the outside sniffer. I believe a "write protected" floppy where Snort exports the log would be the secure way but I don't know anyone who has tested it. Will the system respond to slow on an 11mbit line? I have weary little experience, all inputs would be appreciated!

Are there any good IPS Open source projects?? I've tested the NS IPS box and its quite good but the price is not compatible with my budget! :)

Brgs
Martin Engervik

---

Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com

---

Received on Thu Jun 26 14:02:59 2003