IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Multiple network segment monitor with Snort

From: kgeorgiades () toplayer com
Date: Mon, 29 Sep 2003 09:41:54 -0400
Of course you can also use the Top Layer IDS Balancer to aggregate the
traffic from multiple segments into the IDS Balancer, and then filter the
traffic (if you like) and distribute it to the Snort IDS. You can even add a
second IDS for redundancy (or add a different type or IDS, a sniffer or any
other monitoring device.)

http://www.toplayer.com/content/products/intrusion_detection/ids_balancer.js
p

Note: I work for Top Layer Networks.

Ken Georgiades

-----Original Message-----
From: James Williams [mailto:jwilliams () mail wtamu edu]
Sent: Friday, September 26, 2003 5:43 PM
To: focus-ids () securityfocus com
Subject: RE: Multiple network segment monitor with Snort


If the box is connected to a cisco switch you can setup a port to
monitor as many, or as few vlans as you want and send that traffic to
the port that your snort box is connected to. 

James Williams
Network Systems Engineer

-----Original Message-----
From: Jason Haar [mailto:Jason.Haar () trimble co nz] 
Sent: Thursday, September 25, 2003 11:41 PM
To: focus-ids () securityfocus com
Subject: Re: Multiple network segment monitor with Snort

On Thu, Sep 25, 2003 at 05:00:23PM -0400, Keith W. McCammon wrote:

Yep, no problem.  I run between 2-4 per FreeBSD-based sensor.  As long



as you keep up on RAM you're cool.


...and don't forget you're PCI backplane limits... I *think* a standard
PCI-based box is good for up to 4 100Mb Ethernet cards, and being picky
about card choices/etc can push that up to 6 100M cards - but beyond
that
you exceed the limits of the PC arch...?


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

------------------------------------------------------------------------
---
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to: 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Precisely Define and Implement Network Security & Performance
Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo 
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to: 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Precisely Define and Implement Network Security & Performance Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo 
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------

---------------------------------------------------------------------------
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to: 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Precisely Define and Implement Network Security & Performance Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo 
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: