Snort mailing list archives
Re: heavily switched networks
From: twig les <twigles () yahoo com>
Date: Wed, 24 Dec 2003 08:28:35 -0800 (PST)
--- Stewart Larsen <slarsen42 () cfl rr com> wrote:
> Well, you tell me. As a network admin in charge of security, should I be worried about intra-network traffic? Would I be better off running a host-based IDS like tripwire on the servers I care about and only sniffing the uplink? This is all theoretical, BTW. But I'm researching for future opportunities.
Well yeah, I would definitely worry about intra-network traffic. And in this case I believe it would be much simpler to buy fewer switches with a port mirroring capability than to tap all those lines or run host-based snort. Going with your idea of tripwire and sniffing the uplink is an option if you are less paranoid or can segregate machines at layer-2.

=====
Only fools have all the answers.