Multiple network segment monitor with Snort

From: Sergio Pozo Hidalgo (blitter_es_at_yahoo.es)
Date: 09/24/03

  • Next message: Thompson, Jimi: "RE: "False positive" database idea" 
    Date: Wed, 24 Sep 2003 20:59:28 +0200
To: focus-ids@securityfocus.com

    Hi,
    I'm planning to deploy a lab network where there will coexist some
    manageable layer 2 switches with VLANs and trunk ports to bind a Snort
    sensor to.
    The problem is that we're short on budget and I wan't to deploy various
    Snort sensors at different network zones.

    Can I use the same physical machine (with as many ethernet cards as
    sensors I want to deploy) and use various and independent snort
    processes? I neither know if only one Snort process can control
    different network cards at the same time. And yes, I know that I can hog
    the sensor, but the networks are going to have little traffic (at least
    right now!).

    Thank you very much in advance.

    Regards,
    Sergio Pozo

    ---------------------------------------------------------------------------
    Captus Networks IPS 4000
    Intrusion Prevention and Traffic Shaping Technology to:
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Automatically Control P2P, IM and Spam Traffic
     - Precisely Define and Implement Network Security & Performance Policies
    FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
    http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
    ---------------------------------------------------------------------------

  • Next message: Thompson, Jimi: "RE: "False positive" database idea"

    Relevant Pages

    • Re: What are folks doing to keep the skys dark? monitoring network
      ... powered, 2 channel, wireless, house keeping, root en toot en, all weather device that needs a care taker to clean the windows and calibrate the sensor. ... A calibration cap has a light source and calibrated detector that is used to check the window loss in the field. ... We hope to deploy night sky brightness stations using the net every where funding and the network will let us. ... The calibration of this instrument represents yet another photometry system as V does not directly correlate with CM500 glass photometry. ...
      (sci.astro.amateur)
    • Re: Windows based (H)IDS
      ... It may seems so obvious that snort library is very ... Security but it is a commercial product. ... > softwares can be added to the ... > over a network. ...
      (Focus-IDS)
    • Re: Please Help - Strange problem with my servers - Locked out
      ... > The other server is directly connected to the Internet ... > I have a workstation on the WORK network. ... > The WORK network can talk to both HOME and COLO ... > Does snort drop packets? ...
      (comp.unix.bsd.freebsd.misc)
    • Re: Please Help - Strange problem with my servers - Locked out
      ... > The other server is directly connected to the Internet ... > I have a workstation on the WORK network. ... > The WORK network can talk to both HOME and COLO ... > Does snort drop packets? ...
      (comp.security.firewalls)
    • Re: newbie needs help with iptables basics (please)
      ... >I have RTFM (man iptables) and have read several docs off the net and pages ... Implement Multi-Router Traffic Grapher to establish network ... discuss & plan the implementation of Snort 2.0 Intrustion ... Install Snort 2.0 Network-based Intrusion Detection System ...
      (comp.os.linux.security)