RE: network segment range which NIDS can detect?

• Previous message: Anders Reed Mohn: "Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618"
• In reply to: SB CH: "network segment range which NIDS can detect?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <security-basics@securityfocus.com>
Date: Thu, 19 Jun 2003 18:38:43 -0500

With a switch, the default action if it can't be sure of a specific port to
use (fail safely) is to send the packet on to all of the ports except the
one it was received from.

Too many packets may overwhelm the per port buffers
Too many MAC addresses for the (usually 1K or 4K) buffer
True broadcast packets (both MAC and perhaps higher level)

etc.

-----Burton

-----Original Message-----
From: SB CH [mailto:chulmin2@hotmail.com]
Sent: Wednesday, June 18, 2003 2:07 AM
To: security-basics@securityfocus.com
Subject: network segment range which NIDS can detect?

Hello, all.

I installed snort NIDS at my linux which connected at switch and I
confirmed that snort could detect some other servers were attacked. As I
know, NIDS can detect some other attacks in the range of a network segment.
Then what is a "same network segment" in the switch?
I can detect some attacks to A server, but B isn't which connected with
same switch.

Surely, I didnt' use the tab or span at switch.

Thanks in advance.

_________________________________________________________________
Àü¼¼°èÀÎÀÌ ÇÔ²²ÇÏ´Â À¥ ¸ÞÀÏ ¼­ºñ½ºÀÎ MSN HotmailÀ» ¸¸³ª º¸¼¼¿ä.
http://loginnet.passport.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&lc
=1042

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

• Previous message: Anders Reed Mohn: "Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618"
• In reply to: SB CH: "network segment range which NIDS can detect?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]