Mailinglist Archive: opensuse (4053 mails)

Re: [SLE] configuring SNORT on a router/firewall
  • From: "Guy Van Sanden" <sienix@xxxxxxxxxxxxxx>
  • Date: Wed, 08 Aug 2001 09:59:50 +0200
  • Message-id: <3b70f2ee.f513.0@xxxxxxxxxxxxxx>
Thanks Togan

I tried the EXTERNAL_NET any now, and it seems to work.

I run SuSEfirewall on an old P120 system, it's working fine.
I want to run SNORT mainly to detect port-scans (and warn me
immediately if I'm logged in)... and to see if someone tries to
do something like spread a worm-virus through my provider. I'm
a cable-user, and my firewall is up 24/24 7/7 so I get a lot of
this stuff (fortunately, the firewall has always protected me).

Thanks for your help, I'll check out harden_suse too, I'm not
using that yet.



>* Guy Van Sanden; <sienix@xxxxxxxxxxxxxx> on 07 Aug, 2001 wrote:
>> Is anyone using snort on a router?
>
>yeap
>
>> I would like to run it to defend my internal network against
>> external attacks, but I can't get it configured properly, and
>> the documentation isn't helping...
>
>ehmm. AFAIK snort will not defend your network it is an IDS (Intrusion
>Detection System) it will help you to understand how they did it if you
>are compromised. Although you can combine snort with "guardian.pl" (to
>add the necessary firewall rules) you will still need
>
>a) packet filtering system (ipchains or iptables)
>b) harden_suse script of Marc Heuse of SuSE
>
>>
>> I've got everything to the part where I have to define my
>> external net... (I got the internal)
>> What do I have to fill out to say it's the Internet?
>
>1) have you tried "EXTERNAL_NET !$HOME_NET" or "EXTERNAL_NET any "
>2) which version are you using (currently it is 1.8.1-beta6 yet I am
>using 1.8-beta3)
>
>HTH
>--
>Togan Muftuoglu
>