Running snort on a firewall - advisable?

To: debian-firewall@lists.debian.org
Subject: Running snort on a firewall - advisable?
From: Nick Busigin <nick@xwing.org>
Date: Tue, 2 Apr 2002 10:40:25 -0500 (EST)
Message-id: <[🔎] Pine.LNX.3.96.1020402103611.32727A-100000@xwing.xwing.org>

I had a discussion recently with a fellow sysadmin regarding the wisdom
of running snort on a firewall machine.   He claimed that it was a bad
idea as it required placing the interface into promiscuous mode and that
if the site was hacked into, it provided the hacker with a ready made
way to sniff packets.  My view is that if you've been hacked, it doesn't
matter.  What is the prevailing wisdom?  Do you run IDS software on your
firewall or do you prefer to have your firewall do all your logging and
then analyze your firewall logs?

                                       Nick

--------------------------------------------------------------------------
Nick Busigin  ...Sent from my Debian/GNU Linux Machine...   nick@xwing.org

To obtain my pgp public key, email me with the subject: "get pgp-key"
--------------------------------------------------------------------------


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Running snort on a firewall - advisable?
  - From: "Jeremy T. Bouse" <jbouse@debian.org>
- Re: Running snort on a firewall - advisable?
  - From: Frederik Schueler <fs@lowpingbastards.de>

Prev by Date: Re: cable modem on home network
Next by Date: Re: cable modem on home network
Previous by thread: RE: cable modem on home network
Next by thread: Re: Running snort on a firewall - advisable?
Index(es):
- Date
- Thread