RE: Multiple network segment monitor with Snort

From: James Williams (jwilliams_at_mail.wtamu.edu)
Date: 09/26/03

    To: <focus-ids@securityfocus.com>
    Date: Fri, 26 Sep 2003 16:42:55 -0500
    
    

    If the box is connected to a Cisco switch, you can set up a port to
    monitor as many or as few VLANs as you want and send that traffic to
    the port that your Snort box is connected to.

    James Williams
    Network Systems Engineer

    -----Original Message-----
    From: Jason Haar [mailto:Jason.Haar@trimble.co.nz]
    Sent: Thursday, September 25, 2003 11:41 PM
    To: focus-ids@securityfocus.com
    Subject: Re: Multiple network segment monitor with Snort

    On Thu, Sep 25, 2003 at 05:00:23PM -0400, Keith W. McCammon wrote:
    > Yep, no problem. I run between 2-4 per FreeBSD-based sensor. As long
    > as you keep up on RAM you're cool.

    ...and don't forget your PCI backplane limits... I *think* a standard
    PCI-based box is good for up to 4 100Mb Ethernet cards, and being picky
    about card choices/etc can push that up to 6 100M cards - but beyond
    that you exceed the limits of the PC arch...?

    -- 
    Cheers
    Jason Haar
    Information Security Manager, Trimble Navigation Ltd.
    Phone: +64 3 9635 377 Fax: +64 3 9635 417
    PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1