IDS mailing list archives

RE: Bridge IDS

From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Thu, 5 Aug 2004 08:05:59 -0700

Yes, it can be done and I have done so.

Just configure the UNIX or MS box for bridging or routing and set the
interfaces to promiscuous mode or install Winpcap for Windows machines.

If you have a managed switch, you can span the port too.

Like all machines, they must be patched and updated too.  

For my home IDS I spanned it off and one of the two interfaces has no IP
address, however it is set to promiscuous mode and hears everything.  The
other interface has an IP is used for maintenance and viewing and it is
behind a few layers of fire walling.

Regards,

Greg DeGennaro Jr., CISSP, CCNP
Systems Engineer

"Network Security is Y2K without the deadline" - Network Security Secrets
and Solutions 1999



-----Original Message-----
From: Lee Sheng [mailto:momosisco () hotmail com] 
Sent: Wednesday, August 04, 2004 5:48 PM
To: focus-ids () securityfocus com
Subject: Bridge IDS

All,


Perhaps this is silly question, however I wanna know that if bridge firewall

can be done, how about building a bridge IDS. I know there is 
snort-inline(consoder IPS) that we can use but what I mean is just snort 
without patching. Using three network interface, two for building a bridge 
and one for console. Can it be done? Tap is far too expensive for individual

like me :)

Any suggestion would be appreaciated! Thanks.


Regards,
Lee

_________________________________________________________________
Using a handphone prepaid card? Reload your credit online! 
http://www.msn.com.my/reloadredir/default.asp


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
learn more.
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

Current thread:

Bridge IDS Lee Sheng (Aug 05)
- RE: Bridge IDS Jeff Dell (Aug 05)
- Re: Bridge IDS David W. Goodrum (Aug 05)
- Re: Bridge IDS Olli Jarva (Aug 05)
- Re: Bridge IDS Stephen Samuel (Aug 05)
- Re: Bridge IDS Nick Black (Aug 06)
- <Possible follow-ups>
- RE: Bridge IDS Dan Denton (Aug 05)
- RE: Bridge IDS DeGennaro, Gregory (Aug 05)
- RE: Bridge IDS DeGennaro, Gregory (Aug 06)