From: Brian J. <bja...@ci...> - 2004-02-26 14:31:16
Nathan wrote:-
> see so many inline bridge deployments. Has anyone successfully done an inline with nat?

I have been running snort_inline within my IPCop natted firewall on inbound traffic for a few months now. The setup is roughly as described by William Metcalfe.

You have to be very, very careful about which rules to implement! I started with about a dozen and that has grown to circa 400. False positives are a definite no, no!

The results are terrific. Every alert into the DMZ is of interest. The most common being notification of access to robots.txt on the web server.

Well worth the effort. I (think I) know exactly where to focus my efforts.

regards,
Brian