Snort mailing list archives
Re: Snort Implementation Guide - ACID-MySQL-Redhat7.2
From: Steve Scott <sjscott007 () earthlink net>
Date: 25 Jul 2002 13:34:04 -0500
Actually, 10/100 hubs are cheap. They cost about 30 - 40 bucks and unless you're utilizing 70 to 80 percent of your bandwidth the hubs will work just fine. For redundancy just keep some spares around. We have two T-3 (90 megs) that are utilizing about 60 percent of the bandwidth without any problems.

You don't want to put all the segments on one hub, for a couple of reasons:

1. You will see all the traffic for all the segments and not be able to distinguish between the segments.
2. You probably have a ton of collisions, thus you have a performance issue.

The other option is to buy a switch that supports port mirroring and VLANs. This is expensive and depending on the amount of traffic you may overburden the switch.

The illustration shows 3 separate IDS systems. In reality you can have one snort box with multiple interfaces that monitor each segment. Just make sure you have a powerful enough box.

Regards,
Steve

On Tue, 2002-07-23 at 04:09, Iñaki Martínez wrote:
Hi!!!

I recently finished a large scale deployment of snort sensors, and produced a guide. You can find it at http://home.earthlink.net/~sjscott007/ Let me know what you think.

Really GOOD work........ I would ask you two questions:

In the graph "Conceptual Physical IDS Layout":

1) if there is nothing between firewall and internet, how to implement the external IDS????
2) how to substitute (use other method) the HUBs??? I think that using 3 HUBS, when each of them uses only 3 ports, is expensive.

Thanks for your guide!!!!!!!