snort IDS on internal nic?

G'Day

It is certainly feasable. Bear in mind that you should run SNORT in a CHROOT environment in this situation.

There are various CHROOT environments in /VAR... Copy one and place a SNORT distribution in it. If you have never dealt with CHROOT before you might have some fun, but it is feasable.

As far as I can tell, ASTARO is LINUX with configuration software that makes it into a firewall appliance. There is still bare LINUX underneith.

Darryl

Parents

0 frizille over 24 years ago

I am currently running Checkpoint with the Snort IDS on the internal NIC, firewall filter installed on the outside NIC. This has worked great, as I can watch any and all traffic that has made it through the firewall (I get great attacks all the time that the IDS picks up, highly recommend Snort for IDS work). Can you do the same thing on a ASL firewall box? I noticed when you log into the machine it has what appears to be a full Linux install. Is this feasible?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 frizille over 24 years ago

I am currently running Checkpoint with the Snort IDS on the internal NIC, firewall filter installed on the outside NIC. This has worked great, as I can watch any and all traffic that has made it through the firewall (I get great attacks all the time that the IDS picks up, highly recommend Snort for IDS work). Can you do the same thing on a ASL firewall box? I noticed when you log into the machine it has what appears to be a full Linux install. Is this feasible?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data