IDS mailing list archives
RE: Multiple network segment monitor with Snort
From: kgeorgiades () toplayer com
Date: Mon, 29 Sep 2003 09:41:54 -0400
Of course you can also use the Top Layer IDS Balancer to aggregate the traffic from multiple segments into the IDS Balancer, and then filter the traffic (if you like) and distribute it to the Snort IDS. You can even add a second IDS for redundancy (or add a different type of IDS, a sniffer or any other monitoring device.)

http://www.toplayer.com/content/products/intrusion_detection/ids_balancer.jsp

Note: I work for Top Layer Networks.

Ken Georgiades

-----Original Message-----
From: James Williams [mailto:jwilliams () mail wtamu edu]
Sent: Friday, September 26, 2003 5:43 PM
To: focus-ids () securityfocus com
Subject: RE: Multiple network segment monitor with Snort

If the box is connected to a Cisco switch you can set up a port to monitor as many, or as few VLANs as you want and send that traffic to the port that your Snort box is connected to.

James Williams
Network Systems Engineer

-----Original Message-----
From: Jason Haar [mailto:Jason.Haar () trimble co nz]
Sent: Thursday, September 25, 2003 11:41 PM
To: focus-ids () securityfocus com
Subject: Re: Multiple network segment monitor with Snort

On Thu, Sep 25, 2003 at 05:00:23PM -0400, Keith W. McCammon wrote:
> Yep, no problem. I run between 2-4 per FreeBSD-based sensor. As long
> as you keep up on RAM you're cool.

...and don't forget your PCI backplane limits...

I *think* a standard PCI-based box is good for up to 4 100Mb Ethernet cards, and being picky about card choices/etc can push that up to 6 100M cards - but beyond that you exceed the limits of the PC arch...?

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1