My home network consists of a cable modem, connected to a PIX-501 firewall. I have the firewall connected to a 24-port switch, which in turn I use to connect all my clients. The firewall still has 3 unused Ethernet ports.
I have a Snort machine; I'm trying to figure out where the best place to plug it in is. If I connect to either a port on the PIX or to the workgroup switch, I will only get broadcast traffic and traffic destined for the Snort machine.
I have a document (Google: Snort 2.9.3 and Snort Report Ubuntu 12.04) which shows that I should put a switch with a mirrored port in between the broadband and the firewall. I don't want to use a full-fledged switch, so I tried placing a hub between these two appliances. But the PIX was never able to get an internet connection; that didn't surprise me.
Since I have that hub (and I've verified it's a true 8-port hub) - can anybody suggest how I can engineer this setup to capture all traffic coming in?
I am also considering purchasing an ASA 5505 to replace the PIX. Would this give me more options?
Awaiting your advice - thank you!!
-bk6662
Trying to determine Snort IDS placement