Snort mailing list archives

Re: Dual home IDS? ACID and send email alerts on one, IDS on the other.


From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Mon, 25 Oct 2004 08:50:54 +0100



--On 22 October 2004 23:05 -0700 Marty Hauser <martyhauser () cox net> wrote:


> My manager configured the Cisco switch to mirror all
> traffic to one port. That's what we want, but I'm told that this port is
> IP-less and no traffic can flow into or out of the IDS system. The IDS
> system is connected to this port and working perfectly. The issue is the
> IDS system can't send emails or access the functional ACID website.

That's normal.

> I thought of adding a second NIC and directing SNORT to monitor this NIC
> instead and connect the original NIC to the network on a normal port and
> regain email and ACID website support.

That's normal practice too. Make sure you protect any exposed services (e.g. by using a firewall - either on the IDS host, or between it and the outside world), or that you use a private administration segment that ordinary users are physically disconnected from.

> Thanks,
> Marty Hauser

Best Regards,
Alex.
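
A check for the dual-homed layout discussed in this thread, as an added example that is not part of either poster's message: it confirms the sniffing NIC carries no IP address and lists the non-loopback listeners that need a firewall rule or a private administration segment. The interface names, addresses and ports are constructed assumptions, and the input is the text of `ip -o -4 addr show` and `ss -Hltn`.

```python
import ipaddress

# Constructed sample output (not from the thread). Assumed layout:
# eth0 = management NIC, eth1 = NIC on the switch mirror port.
IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.10.5.20/24 brd 10.10.5.255 scope global eth0
3: eth1    inet 192.0.2.77/24 brd 192.0.2.255 scope global eth1
"""
SS_LISTEN = """\
LISTEN 0 128 10.10.5.20:443 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""


def interface_addrs(ip_output):
    """Map interface name -> IPv4 addresses, from `ip -o -4 addr show` text."""
    addrs = {}
    for line in ip_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] == "inet":
            addrs.setdefault(f[1], []).append(f[3].split("/")[0])
    return addrs


def audit_sensor(ip_output, ss_output, sniff_if):
    """Return (sniff_addrs, exposed): addresses found on the sniffing
    interface (should be none) and non-loopback (host, port) listeners."""
    sniff_addrs = interface_addrs(ip_output).get(sniff_if, [])
    exposed = []
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] != "LISTEN":
            continue
        host, port = f[3].rsplit(":", 1)
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope
        wildcard = host in ("*", "0.0.0.0", "::")
        if wildcard or not ipaddress.ip_address(host).is_loopback:
            exposed.append((host, int(port)))
    return sniff_addrs, exposed


if __name__ == "__main__":
    sniff_addrs, exposed = audit_sensor(IP_ADDR, SS_LISTEN, "eth1")
    for addr in sniff_addrs:
        print(f"eth1 has address {addr}: sniffing interface should be IP-less")
    for host, port in exposed:
        print(f"{host}:{port} is reachable off-host: firewall or isolate it")
```
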


