Snort mailing list archives

Previous By Date Next
Previous By Thread Next

newbie question - switches

From: "Kevin Oh" <koh1170 () yahoo com>
Date: Thu, 15 Nov 2001 09:36:48 -0800
hi,

newbie question for you.

This is my current configuration

DSL   Cable
 |      |
 |      |
Switch (NexLand ISB Pro800 Turbo)
 |  |  ... |
Local Network

The switch has a firewall in it.  I want to be able to monitor our network
with a Snort 1.8.2 box (VA
Linux 6.2)

However, I cannot set a monitor port (or mirror port) on our switch.  So
i came up with three solutions,

1. buy a better switch (not happening)
2. use the following config

 DSL   Cable
  |      |
  |      |
 Switch (NexLand ISB Pro800 Turbo)
     |
 Snort machine (2 NICs)
     |
 Hub or switch
  | ... |
 Local Network

3. ask you guys for opinions before doing anything.

I opted for the number 3 (probably the best option).  Could anybody
confirm if my idea is acceptable or not?  if it is not could you give me an
alternative?

Thanx in advance.  I appreciate it.

Kevin

ps : love the 'professionalism' thread :)



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: