Re: brut force attack not detected

[Kiira Triea <kiira-t () mail bsasinc org>]

> Hi everyone,,
>
> I have a non configurable 8 port switch that we use for just a section that
> we seperate from the rest of our network,,
>
> How would I set that up to work as a monitor port?
>
>
> rgds
>
> Frank

Hi... Well if you cannot mirror a range or all of the ports on that switch 
then a snort sensor can only see the traffic destined for its own nic - 
probably not too useful. Where does that switch uplink on your lan? 
If it is another switch you see the problem again. 

Most switches do allow such a configuration - I have my DMZ zone boxes
on a small Asante switch and I mirror all traffic to the 100 Mbit port
where my snort sensor listens to eth1. The other nic is plugged into a
LAN switch port which has mirrored the machines I need to sniff inside. 

I also sometimes break out groups of users onto a spare hub from the 
switch  and plug in the snort nic there in order to diagnose problems. 

HTH, 

Kiira 


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users