Mailing List Archive



Re: [tlug] Snort and IP tables



On Wednesday 25 February 2004 05:20 pm, patrick.niessen@example.com wrote:

> Is it possible to run snort as an ids on the same machine, or will IPTABLES
> block all not permitted protocols?

Options:

Put in a second NIC and bind snort to that interface.  Eth0 continues as 
before, eth1 runs snort. 

Another possibility to check would be if Snort can bind to a subinterface (to 
use Cisco's terminology; I forget what Linux calls those), in which case you 
shouldn't even have to buy a second NIC.  However, NICs are cheap, and it's 
probably less trouble that way.

Jonathan
-- 
99 pounds of natural born goodness
99 pounds of soul!

