Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Steven on August 07, 2002, 07:30:05 PM

Title: IDS - eth0 & eth1 possible?
Post by: Steven on August 07, 2002, 07:30:05 PM

I setup Snort/Acid and didn't think it worked, but have now realized that by default eth1 is monitored which is the internal interface on my setup, so I'm giving it another try!

Is it possible with the Snort/Acid packages to select to monitor both the external and internal interfaces (eth0, eth1)?  I have setup an e-smith box at a school for web, mail, and content-filtering, so the server may receive crack attempts from the internal network.

Title: Re: IDS - eth0 & eth1 possible?
Post by: Tom Veitch on August 07, 2002, 10:36:53 PM

Yes it is

you need to edit the snort config file and change it so its not locked to an ip address

where it has the ip replace with "any"


Tom