Snort mailing list archives
Re: To hub or not to hub
From: Javier Liendo <javier () liendo net>
Date: Mon, 6 Jan 2003 16:03:11 -0800 (PST)
hello anthony i have been using a snort box plugged on a hub that sists between the inside interface of a firewall and the internal switch for a couple of months and so far so good...be sure to have the hub inside a rack well locked so nobody (but the one that have the key for the rack) can insert another sniffer on the hub...i did not configure any ip address on this box just to be sure that is not remotely accesible (i do not manage the firewall and getting the firewall manager to configure some rules for this machine was another difficult sell) with the not so great side effect that to configure/monitor snort i have to be sitting at the console (the snort box)... on another side, why not spanning? (in my case i could not do it because an old ios on the switch)... saludos javier --- Anthony Scott <ascott () triadfoodsgroup com> wrote:
Hi. I am going to initially deploy one Snort box on our network. I want to place it right after our firewall to detect anything getting through. We have an all switched environment and I do not want to do any spanning (at least initially). I read two documents on Snort's web site, one said a hub was fine, one said a hub was a bad idea. I like the idea because it would be easy to plug and unplug the snort box without disrupting traffic. I would also like to use the box for a sniffer, ala Ethereal. Thoughts, feelings, ideas? Thanks anthony scott
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- To hub or not to hub Anthony Scott (Jan 06)
- Re: To hub or not to hub Matt Kettler (Jan 06)
- Re: To hub or not to hub Javier Liendo (Jan 06)
- <Possible follow-ups>
- RE: To hub or not to hub Semerjian, Ohanes (Jan 06)
- Re: To hub or not to hub Anthony Scott (Jan 07)
- Re: To hub or not to hub Bob Staaf (Jan 07)
- Re: To hub or not to hub Scot Scot (Jan 07)