[TriLUG] Snort questions

Dan Monjar dan at daijin.dissimulo.net
Fri Nov 12 10:59:31 EST 2004


gregbrown at mindspring.com wrote:
> I'm new to installing and configuring snort.  I'd like to run snort on my home network to tweak and play with.  Here is my current setup and what I'd like to do:
> 
> 
> Internet -> cable modem -> m0n0wall -> home server
> 
> What I'd like to do is:
> 
> Internet -> cable modem -> m0n0wall -> repeater -> home server
>                                                                  |
>                                                                  |------> 2nd card on home server running snort
> 
> At the moment my home "server" is a P-II doing essentially disk sharing and acting as a printer server and syslog server for m0n0wall.  Would running snort crush my meager processor?   
> 
> Greg
> 
> 
> 
I'm running snort on my internal work network... I have a sensor box 
that is a PIII at 450MHz, it is attached to a 100Mb port on my Catalyst 
switch configured as a SPAN port.  The sensor logs to a separate box
running MySQL... here's the latest stats from my sensor box:

-*> Snort! <*-
Version 2.2.0 (Build 30)
By Martin Roesch (roesch at sourcefire.com, www.snort.org)
Snort received 18596713 packets
     Analyzed: 17945053(96.496%)
     Dropped: 651660(3.504%)


I'd say running on your home network you'll be fine.


