Snort mailing list archives

RE: FAQ 10/100 Hubs Block Other Speed Traffic

From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 8 Aug 2001 13:06:19 -0700 (PDT)

On Thu, 9 Aug 2001, Franki wrote:

if you have a dual speed hub, and machines running both speeds (netcards
with 10 and 100),

would it get around that if you had to nic in the snort machine on the
network? one for 10 and one for 100?


Well...  If the hub does it's magic, you'll only see 100mb traffic with the
100mb card and 10mb traffic with the 10mb card.  You would have to be able to
correlate the events for both segments.  It's not the easiest thing to do, but
it might be a workable solution.  I don't like running multiple snort procs.
It's harder to maintain and analyze, IMHO.

I just heard this and I am wondering if its something I need to worry about
before rollin out snort...


Yes.  You do need to worry.  :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

External snort monitoring Larry E. Smith Jr. (Aug 08)
- Re: External snort monitoring Frank McPherson (Aug 08)
- Re: External snort monitoring Frank McPherson (Aug 08)
  - Re: External snort monitoring Larry E. Smith Jr. (Aug 08)
- Re: External snort monitoring George D. Nincehelser (Aug 08)
- Re: External snort monitoring Erek Adams (Aug 08)
  - Re: External snort monitoring Security @ Monster-Solutions.Net (Aug 08)
- <Possible follow-ups>
- RE: External snort monitoring swilcoxon (Aug 08)
  - FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Dragos Ruiu (Aug 08)
    - RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Franki (Aug 08)
    - RE: FAQ 10/100 Hubs Block Other Speed Traffic Erek Adams (Aug 08)
    - RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Rich Adamson (Aug 08)
    - Re: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Ramin Alidousti (Aug 08)
    - RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) Jason (Aug 08)
    - RE: RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) James Friesen (Aug 09)
    - RE: RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) James Friesen (Aug 10)
    - Question? James Friesen (Aug 10)
    - Re: Question? Jed Pickel (Aug 10)
    - CODE RED III Mark Spieth (Aug 10)
    - Re: CODE RED III Mike Baptiste (Aug 10)
    - Re: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) Jim Hankins (Aug 08)

(Thread continues...)