Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort on switched network

From: Mike Shaw <mshaw () wwisp com>
Date: Tue, 09 Oct 2001 13:50:36 -0500
As long as your switch is manageable, not bad at all.
Run the port in "mirrored", "monitored", or "span" mode. The term depends on the make/model. In really big switches or very complex environments, you *sometimes* have to watch out for a performance hit, but that's very rare. 

-Mike

At 02:06 PM 10/9/2001 -0400, Ashley Thomas wrote:

hi,

It is a bad idea to run Snort (or any IDS for that matter) on a switched
network, am i right ?
Are there any work arounds ?

thanks a lot
ashley


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: