NIDS Recommendations in limited environment...

From: Clint Byrum (cbyrum@spamaps.org)
Date: 07/31/02


From: Clint Byrum <cbyrum@spamaps.org>
To: focus-ids@securityfocus.com
Date: 31 Jul 2002 13:31:32 -0700

Ok, after running into the mostly useless Intel 510 "port mirroring" in
quite a few locations, I need some advice. What does one do when the
switch in use cannot provide proper monitoring functions?

Most of the time I'm dealing with a relatively small amount of traffic,
on the order of 30-40Mbit at absolute peak times, and an average of
0.5-1Mbit. The HP ProCurve switches seem to handle this just fine with
their monitoring port setup.

I am using snort on midrange x86 boxes running Linux in most cases.

Thanks in advance.


