Hi,
Thought i would put this here rather than networking, but I need to have a play around with Snort and learn the basics of it but im not sure how it would be best implemented on my LAN, or if its even at all possible given my setup.
Current setup is (apologies for lame diagram):
Now the lower nodes 1,2,3 are not my machines (student house
) so i cant filter them through an IDS.
However is it possible for me to make a virtual host coming off the second switch which will run Snort so it will filter nodes 4 and 5? Im not sure if this is even possible I assume i would have to set squid proxy up on it or something and channel all traffic to and from the router through it?
Secondly if this isn't possible how is snort usually implemented in a LAN? does it go router(inc modem) -> IDS -> nodes? so the IDS box kind of acts as a secondary router?
Thanks for any advice,
Jack
Thought i would put this here rather than networking, but I need to have a play around with Snort and learn the basics of it but im not sure how it would be best implemented on my LAN, or if its even at all possible given my setup.
Current setup is (apologies for lame diagram):
Now the lower nodes 1,2,3 are not my machines (student house
) so i cant filter them through an IDS.However is it possible for me to make a virtual host coming off the second switch which will run Snort so it will filter nodes 4 and 5? Im not sure if this is even possible I assume i would have to set squid proxy up on it or something and channel all traffic to and from the router through it?
Secondly if this isn't possible how is snort usually implemented in a LAN? does it go router(inc modem) -> IDS -> nodes? so the IDS box kind of acts as a secondary router?
Thanks for any advice,
Jack