RE: Multiple network segment monitor with Snort

kgeorgiades_at_toplayer.com
Date: 10/03/03

    To: blitter_es@yahoo.es, focus-ids@securityfocus.com
    Date: Fri, 3 Oct 2003 11:00:45 -0400 
    
    

    Try using the Top Layer IDS Balancer. The ROI is immediate!

    http://www.toplayer.com/content/products/intrusion_detection/ids_balancer.jsp

    The IDS Balancer allows you to:
    a) Aggregate traffic from various network segments into the input ports
    (from taps or SPAN/Mirror ports)
    b) Filter traffic in any way you like
    c) Create multiple copies of the same traffic (if you like)
    d) Distribute the traffic in a very flexible way to the IDS sensors (load
    balancing, n+1 redundancy, mix and match IDS sensors from different
    vendors).

    Our customers use the IDS Balancer as an Intelligent Layer 7 Patch Panel to
    help them build a centralized intelligent monitoring layer, to attach your
    monitoring devices (IDS sensors, sniffers, traffic analyzers, content
    inspection and in general any monitoring device that works in promiscuous
    mode).

    Note: I work for Top Layer Networks.

    Kyriacos (Ken) Georgiades
    Senior Director, Product Line Management
    Top Layer Networks, Inc
    Tel: 508 870 1300 x 231
    Cell: 508 783 5988
    Fax: 508 870 9797
    Email: kgeorgiades@toplayer.com
    www.toplayer.com

    -----Original Message-----
    From: Sergio Pozo Hidalgo [mailto:blitter_es@yahoo.es]
    Sent: Wednesday, October 01, 2003 3:32 PM
    To: focus-ids@securityfocus.com
    Subject: Re: Multiple network segment monitor with Snort

    I know that. But Cisco routers are very expensive. I was looking for
    cheaper solutions. My first design used a Layer3 switch, but then I
    changed my mind (because of an impossibility for my netscreen border
    router to define more than two zones), and used a cheaper design (but I
    think that also less secure and manageable) with no Layer3 switch, but
    two Layer2 ones. Do you know any cheap Layer2 or Layer3 switch with
    mirror ports?

    Thank you.

    James Williams wrote:

    > If the box is connected to a Cisco switch you can set up a port to
    > monitor as many, or as few vlans as you want and send that traffic to
    > the port that your snort box is connected to.


