
Running snort on a firewall - advisable?

I had a discussion recently with a fellow sysadmin regarding the wisdom
of running snort on a firewall machine. He claimed that it was a bad
idea as it required placing the interface into promiscuous mode and that
if the site was hacked into, it provided the hacker with a ready-made
way to sniff packets.  My view is that if you've been hacked, it doesn't
matter.  What is the prevailing wisdom?  Do you run IDS software on your
firewall or do you prefer to have your firewall do all your logging and
then analyze your firewall logs?


Nick Busigin  ...Sent from my Debian/GNU Linux Machine...   nick@xwing.org

To obtain my pgp public key, email me with the subject: "get pgp-key"
