keiwan ratliff dating - Updating snort


You need to either tap into the link you want to monitor using a hub, or you have to do port spanning on your switch.

If you're interested in monitoring traffic coming in from the Internet, given that most Internet (broadband) connections are less than 10 megabit you can pick up an old 4-port 10-meg hub on e Bay to tap into this link.

Because LAMP servers tend to attract hackers we'll want to put the Snort box on an internal network but this requires setting up your Snort box with two NICs.

One NIC is connected to your internal network with an appropriate IP address for that network (like 172.24.1.20).

You may see the term IPS for Intrusion Prevention Systems which takes things one step further, having the IDS adjust the firewall when it discovers something.