Re: LAN

[Jason Costomiris <jcostom () jasons org>]

On Tue, Nov 06, 2001 at 10:01:29AM -0500, snortlst snortlst wrote:
: I run snort as ids.I have a sensor on LAN that sniffs traffic coming inside
: our lan from firewall's lan interface. Is that enough to figure out if there
: are some trojans running on some workstations on the lan, or some other
: problems with lan wstations?

That's enough to see traffic going to/from the Internet, not necessarily
all of your network.

: If this configuration is not enough then what.....I should mirror all 700
: ports on the lan switch to the snort sensor port?

If you've got that many live ports, I'd say you're probably best off
using multiple sensors with barnyard talking to a postresql/mysql db.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.
                    My account, My opinions.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users