Security Basics mailing list archives

RE: network segment range which NIDS can detect?

From: "Burton M. Strauss III" <BStrauss () acm org>
Date: Thu, 19 Jun 2003 18:38:43 -0500

With a switch, the default action if it can't be sure of a specific port to
use (fail safely) is to send the packet on to all of the ports except the
one it was received from.

Too many packets may overwhelm the per port buffers
Too many MAC addresses for the (usually 1K or 4K) buffer
True broadcast packets (both MAC and perhaps higher level)

etc.

-----Burton

-----Original Message-----
From: SB CH [mailto:chulmin2 () hotmail com]
Sent: Wednesday, June 18, 2003 2:07 AM
To: security-basics () securityfocus com
Subject: network segment range which NIDS can detect?


Hello, all.

I installed snort NIDS at my linux which connected at switch and I
confirmed that snort could detect some other servers were attacked. As I
know, NIDS can detect some other attacks in the range of a network segment.
Then what is a "same network segment" in the switch?
I can detect some attacks to A server, but B isn't which connected with
same switch.

Surely, I didnt' use the tab or span at switch.


Thanks in advance.

_________________________________________________________________
전세계인이 함께하는 웹 메일 서비스인 MSN Hotmail을 만나 보세요.
http://loginnet.passport.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&lc
=1042



---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

network segment range which NIDS can detect? SB CH (Jun 18)
- RE: network segment range which NIDS can detect? Burton M. Strauss III (Jun 20)