Re: Multiple network segment monitor with Snort

From: Sergio Pozo Hidalgo (blitter_es_at_yahoo.es)
Date: 10/01/03

  • Next message: Sergio Pozo Hidalgo: "Re: Multiple network segment monitor with Snort" 
    Date: Wed, 01 Oct 2003 21:39:03 +0200
To: focus-ids@securityfocus.com

    > It should be doable, but don't forget to secure the heck out of that
    > sensor. Like:
    > - disable IP forwarding
    > - don't assign IP addresses to the "sniffing" interfaces

    Ops. I need to assign IP address to interfaces and also activate IP
    Forwarding, because the same sensor machine will be the firewall between
    different network segments (that is whay this solution is cheaper, but
    also less secure...). I'm thinking in switching back to the layer2 or
    layer3 switch and try to convince my boss to spend more money :(

    Anyway, it is a departamental network, not a corporate one, so I need to
    balance the cost of the solution to the cost of the information to protect.

    Thank you very much for your advice.
    Sergio

    ---------------------------------------------------------------------------
    Captus Networks IPS 4000
    Intrusion Prevention and Traffic Shaping Technology to:
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Automatically Control P2P, IM and Spam Traffic
     - Precisely Define and Implement Network Security & Performance Policies
    FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
    http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
    ---------------------------------------------------------------------------

  • Next message: Sergio Pozo Hidalgo: "Re: Multiple network segment monitor with Snort"

    Relevant Pages

    • Re: What are folks doing to keep the skys dark? monitoring network
      ... powered, 2 channel, wireless, house keeping, root en toot en, all weather device that needs a care taker to clean the windows and calibrate the sensor. ... A calibration cap has a light source and calibrated detector that is used to check the window loss in the field. ... We hope to deploy night sky brightness stations using the net every where funding and the network will let us. ... The calibration of this instrument represents yet another photometry system as V does not directly correlate with CM500 glass photometry. ...
      (sci.astro.amateur)
    • Re: NEMA Anomometers
      ... > I have a Davis wind speed and direction sensor. ... > affordable NEMA wind sensor? ... discontinued Brookes and Gatehouse "Network" instruments, ... To get NMEA data out of the "Network", ...
      (rec.boats.electronics)
    • Malformed DNS or something odd (or just me)
      ... at my network borders. ... the packets contain exactly the same payload as those on udp ports ... the sensor is located in the DMZ of a network that offers no ... the ip of the NAT router is dynamically assigned, ...
      (Incidents)
    • Re: Connecting to VNC or PCAnywhere host via Verizon DSL line
      ... You can find out what it is by starting a Command ... territory to you then you should ask your network administrator ... When you use a DSL router then it obtains an external ... > - With the packet forwarding, where exactly would I do that? ...
      (microsoft.public.win2000.networking)
    • Re: sbs standard / dual nic problem
      ... the answer was to configure port forwarding between the 2 nic's by ... I cnnot configure the router to forward to this network as it is not the ... Forward to a port on the SBS, then forward that port to the target ...
      (microsoft.public.windows.server.sbs)
    Loading