Mailinglist Archive: opensuse (4053 mails)

< Previous Next >
Re: [SLE] configuring SNORT on a router/firewall
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 7 Aug 2001 17:00:12 +0300
  • Message-id: <20010807170012.A17710@xxxxxxxx>
* Guy Van Sanden; <sienix@xxxxxxxxxxxxxx> on 07 Aug, 2001 wrote:
> Is anyone using snort on a router?

yeap

> I would like to run it to defend my internal network against
> external attacks, but I can't get it configured properly, and
> the documentation isn't helping...

ehmm. AFAIK snort will not defend your network it is an IDS (Intrusion
Detection System) it will help you to understand how they did it if you
are compromised. Although you can combine snort with "guardian.pl" (to
add the necessary firewall rules) you will still need

a) packet filtering system (ipchains or iptables)
b) harden_suse script of Marc Heuse of SuSE

>
> I'm got everything to the part where I have to define my
> external net... (I got the internal)
> What do I have to fill out to say it's the Internet?

1) have you tried "EXTERNAL_NET !$HOME_NET" or "EXTERNAL_NET any "
2) which version are you using (currently it is 1.8.1-beta6 yet I am
using 1.8-beta3)

HTH
--
Togan Muftuoglu


< Previous Next >
References