IDS mailing list archives
RE: Bridge IDS
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Thu, 5 Aug 2004 08:05:59 -0700
Yes, it can be done and I have done so. Just configure the UNIX or MS box for bridging or routing and set the interfaces to promiscuous mode or install Winpcap for Windows machines. If you have a managed switch, you can span the port too. Like all machines, they must be patched and updated too. For my home IDS I spanned it off and one of the two interfaces has no IP address, however it is set to promiscuous mode and hears everything. The other interface has an IP is used for maintenance and viewing and it is behind a few layers of fire walling. Regards, Greg DeGennaro Jr., CISSP, CCNP Systems Engineer "Network Security is Y2K without the deadline" - Network Security Secrets and Solutions 1999 -----Original Message----- From: Lee Sheng [mailto:momosisco () hotmail com] Sent: Wednesday, August 04, 2004 5:48 PM To: focus-ids () securityfocus com Subject: Bridge IDS All, Perhaps this is silly question, however I wanna know that if bridge firewall can be done, how about building a bridge IDS. I know there is snort-inline(consoder IPS) that we can use but what I mean is just snort without patching. Using three network interface, two for building a bridge and one for console. Can it be done? Tap is far too expensive for individual like me :) Any suggestion would be appreaciated! Thanks. Regards, Lee _________________________________________________________________ Using a handphone prepaid card? Reload your credit online! http://www.msn.com.my/reloadredir/default.asp -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Bridge IDS Lee Sheng (Aug 05)
- RE: Bridge IDS Jeff Dell (Aug 05)
- Re: Bridge IDS David W. Goodrum (Aug 05)
- Re: Bridge IDS Olli Jarva (Aug 05)
- Re: Bridge IDS Stephen Samuel (Aug 05)
- Re: Bridge IDS Nick Black (Aug 06)
- <Possible follow-ups>
- RE: Bridge IDS Dan Denton (Aug 05)
- RE: Bridge IDS DeGennaro, Gregory (Aug 05)
- RE: Bridge IDS DeGennaro, Gregory (Aug 06)