Snort mailing list archives
Re: Cisco switch configuration for sensor
From: twig les <twigles () yahoo com>
Date: Thu, 16 Jan 2003 10:11:14 -0800 (PST)
It sounds fine but you almost never see the mistakes until after they ruin your morning. There is only one way to find out if it works....

One thing though, Spanning Tree Protocol (STP) is used for loop-prevention at layer 2. If this is a SOHO setup with no redundant connections to the switching infrastructure then you can just turn STP off.

Switch Port ANalyzer (SPAN) is normally used for sniffing on Cisco Catalysts but that feature is in the bigger switches like 6500s. A 1900, if it is like a 2900 (never used a 1900), should just have port monitoring, which is a slimmed-down version of SPAN.

--- gr8dane2 () bellsouth net wrote:
Ok, I checked the Cisco sites and believe I have this set up properly. I just wanted to run it past the Snort gurus for confirmation before I hook it up.

I am using a Cisco 1900 series switch that has 12 10baseT ports (1x-12x) and 2 100baseTX ports (Ax and Bx). I have a DSL router that is 10baseT (plugged into port 1x), snort sensor with a 10/100 NIC (port Ax) and a firewall with 10/100 NIC (port Bx).

I have enabled the Spanning-Tree protocol. I have set up port Ax to monitor 1x and Bx. Then I disabled the web interface, of course.

I am using the modified patch cable that will only allow inbound traffic on the sensor, a cross-over cable on the router, and a regular patch cable for the firewall. The sensor has a public NIC with no bindings and a private NIC with local TCP/IP settings that connects back to the LAN behind the firewall, so it can report to MySQL server.

Anyone see anything wrong with this before I hook it up? As always, keep up the great work! You all are very helpful.

Sincerely,
Dane Howard
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
=====
Know yourself and know your enemy and you will never fear defeat.
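The "only one way to find out" check can be scripted. The following is an added example, not part of the thread: it reads lines modelled on `tcpdump -e -n -tt` output from the sensor's sniffing NIC and reports whether both directions between router and firewall were seen and how many frames arrived twice. It assumes the monitor port copies frames from both 1x and Bx, so a frame crossing both ports can show up twice; the MAC addresses, IP addresses and sample capture are constructed.

```python
import re
from collections import Counter

# Constructed sample modelled on `tcpdump -e -n -tt` output from the sensor's
# sniffing NIC. MACs/IPs are made up: ...:aa = DSL router (1x), ...:bb = firewall (Bx).
ROUTER, FIREWALL = "00:00:5e:00:53:aa", "00:00:5e:00:53:bb"
_HDR = "ethertype IPv4 (0x0800), length 74: "
_IN = f"{ROUTER} > {FIREWALL}, {_HDR}198.51.100.7.40000 > 192.0.2.10.25: "
_OUT = f"{FIREWALL} > {ROUTER}, {_HDR}192.0.2.10.25 > 198.51.100.7.40000: "
SAMPLE = "\n".join([
    "1042740674.100001 " + _IN + "Flags [S], seq 100, length 0",
    "1042740674.100020 " + _IN + "Flags [S], seq 100, length 0",  # second copy
    "1042740674.101000 " + _OUT + "Flags [S.], seq 900, ack 101, length 0",
    "1042740674.101015 " + _OUT + "Flags [S.], seq 900, ack 101, length 0",
    "1042740674.102000 " + _IN + "Flags [.], ack 901, length 0",
    "1042740674.102018 " + _IN + "Flags [.], ack 901, length 0",
])

LINE = re.compile(r"^(\d+\.\d+) ([0-9a-f:]{17}) > ([0-9a-f:]{17}), (.*)$")

def check_mirror(text, side_a, side_b, dup_window=0.001):
    """Summarise direction coverage and duplicate frames in a capture."""
    seen, last, dups = Counter(), {}, 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a frame line
        ts, src, dst, rest = float(m[1]), m[2], m[3], m[4]
        if (src, dst) == (side_a, side_b):
            seen["a_to_b"] += 1
        elif (src, dst) == (side_b, side_a):
            seen["b_to_a"] += 1
        else:
            seen["other"] += 1
        # Same frame seen again within dup_window: mirrored on two ports.
        sig = (src, dst, rest)
        if sig in last and ts - last[sig] <= dup_window:
            dups += 1
        last[sig] = ts
    return {
        "a_to_b": seen["a_to_b"], "b_to_a": seen["b_to_a"], "other": seen["other"],
        "duplicates": dups,
        "both_directions": seen["a_to_b"] > 0 and seen["b_to_a"] > 0,
    }

if __name__ == "__main__":
    print(check_mirror(SAMPLE, ROUTER, FIREWALL))
```

A result with `both_directions` false means the sensor is only seeing one side of each conversation; a high `duplicates` count means Snort is inspecting every frame twice.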