Snort mailing list archives
Re: Monitoring Multiple Subnets
From: Caleb Jaren <tropism.prophet () gmail com>
Date: Tue, 14 May 2013 14:49:57 -0700
I couldn't make sense out of your diagram as gmail is doing some funky rendering ATM, but I would imagine that unless your budget is *free* this would work out pretty well. It has a SPAN port and is under $100 USD. http://www.amazon.com/Netgear-GS108T-NAS-Prosafe-8-Port-Gigabit/dp/B003KP8VSK I use one of these both at work and at home for doing monitoring and have no complaints. I dont have your setup, but I'd imagine that so long as both routers are plugged into the unmanaged switch and that $HOME_NET on the snort box is configured properly it will work. Of course, you'll probably have to set it up and try it out to be 100% sure. :) On Mon, May 13, 2013 at 8:23 AM, Shaun Marlin <shaun.marlin () canalta com>wrote:
That does make sense. The thing that I am most concerned about is because there is an unmanaged switch, could it fail? I would love to have a SPAN setup, but that isn’t in the budget.**** ** ** *From:* Seth Dunn [mailto:seth () d2ms com] *Sent:* Monday, May 13, 2013 9:17 AM *To:* Shaun Marlin; snort-users () lists sourceforge net *Subject:* RE: [Snort-users] Monitoring Multiple Subnets**** ** ** For what I did....I don't have quite the same setup as you, but I needed to monitor multiple LANs. 10.75.x.x/24 and 10.76.x.x/24**** I am using a Cisco switch for my networks. I set up SPAN on my switch, RSPAN is also available, to copy traffic from two ports in which inbound/outbound traffic flows for these LANs.....and set up the destination port for the port that my Snort box is listening on. **** ** ** Then as someone noted, in your snort.conf file you need to make sure these two networks are part of your $HOME variable.**** ** ** *From:* Shaun Marlin [mailto:shaun.marlin () canalta com<shaun.marlin () canalta com>] *Sent:* Monday, May 13, 2013 11:04 AM *To:* snort-users () lists sourceforge net *Subject:* [Snort-users] Monitoring Multiple Subnets**** ** ** I am building a SNORT box to monitor my network. I have 2 ISP’s. Is it possible to have the 2 ISP’s connect into an unmanaged switch, then have SNORT configured with an IP from each block that I have, and finally pass the traffic back onto the switch that goes into my network?**** ** ** Sorry for the run on question there**** ** ** Essentially I am looking for something like this**** ** ** ** **** ** ** ** ** ** ************ISP 1**** Router 1 Internal Network**** **** **** **** ** **** ** ********ISP 2 Router 2**** **** **** SNORT**** ** ** ** ** Unmanaged Switch**** ** ** ** ** SNORT would endup monitoring 3 different subnets. For instance 1.1.1.0/27 2.2.2.0/27 and 3.3.3.0/29.**** ** ** Does anyone see a reason why this would not work**** ** ** *Shaun Marlin* Network Administrator *Canalta Family of Companies***** 2109 - 545 Highway 10 East Drumheller AB Canada T0J 0Y0 PHONE: (403) 820-3865 CELL: (403) 334-1313 **** EMAIL: shaun.marlin () canalta com WEB: www.canalta.com **** ** ** ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Monitoring Multiple Subnets Shaun Marlin (May 13)
- Re: Monitoring Multiple Subnets Seth Dunn (May 13)
- Re: Monitoring Multiple Subnets Shaun Marlin (May 13)
- Re: Monitoring Multiple Subnets Caleb Jaren (May 14)
- Re: Monitoring Multiple Subnets Shaun Marlin (May 13)
- Re: Monitoring Multiple Subnets Seth Dunn (May 13)