I setup Snort/Acid and didn't think it worked, but have now realized that by default eth1 is monitored which is the internal interface on my setup, so I'm giving it another try!
Is it possible with the Snort/Acid packages to select to monitor both the external and internal interfaces (eth0, eth1)? I have setup an e-smith box at a school for web, mail, and content-filtering, so the server may receive crack attempts from the internal network.
1 Replies
410 Views