Snort mailing list archives

Re: Snort in a switched environment


From: "Bruno Taranto" <bruno () hiss com br>
Date: Tue, 14 May 2002 23:40:58 -0300

Hi man...
I have a better idea. It's very, very simple!
Sometimes you can't do a port mirror or other modifications on the
hardware/system of the client.
Depending on the hardware/system you have to learn how to do a port mirror to
get all traffic on that box (switch).
Learning is cool man, but... sometimes... we don't have time to play with these
toys.
Sometimes IT professionals don't configure the hardware/system like you like
or when you want.
You have to do a complete solution without modifications or touching any
system/hardware of the company. Right?
Sometimes I hate IT professionals.
I saw many problems with "IT professionals x Security Officers".
IT'S COOL MAN!!!  >:-)
They always have problems with our security work.
argh!!!
Maybe you are an IT professional!!!  :-p~
If... I'm sorry... Forget what I said. :-p~~~

You can do that:

=================================
          INET
             |
             |
        ROUTER
             |
             |
        COOL HUB ---------> SNORT SENSOR
             |
             |
        SWITCH
             |
             |
        COMPANY
             |
             |
        FUCKIN USERS
=================================

:-)

It's simple...  but it works!!!
You can use that solution for anything in security (like SNIFFING / NIDS /
SPOOFING / ETC... ).

___________________________________
Internet Security Services
HISS, Inc.

Bruno Taranto
phone: +55 21 2221-2180
phone: +55 21 2508-0505 r.741
phone/fax: +55 21 2232-6209
email: bruno () hiss com br
corporate site: http://www.hiss.com.br
security portal: http://www.hacker.com.br
___________________________________


----- Original Message -----
From: "Bastian Ballmann" <ballmann () co-de de>
To: <snort-users () lists sourceforge net>
Sent: Tuesday, May 14, 2002 12:19 PM
Subject: [Snort-users] Snort in a switched environment


Hello!
Is it possible to run Snort in a switched environment? Cause Snort can only
sniff the traffic of the host he is running on. Unless he is doing something
like ARP poisoning or something like this...
But I think this would lead into trouble if you run the arpspoof preprocessor ;)
Greets

Bastian Ballmann
--
Bastian Ballmann [ ballmann () co-de de ]
@ Computational Design GmbH
[ http://www.co-de.de ]

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




