Snort mailing list archives

Re: Snort on switched network

From: Chuck Morford <cmorford () dot state nc us>
Date: Tue, 09 Oct 2001 14:22:34 -0400

Hi,
I'm running Snort on a mirrored port on my switched network and it seems to
be fine...

 I don't know why it would be a bad idea.

If your IDS box is attched to a non-mirrored switch port you're not getting
all the traffic, only what's on your segment.

Chuck Morford
Hostmaster, NCDOT

Ashley Thomas wrote:

hi,

It is a bad idea to run Snort (or any IDS for that matter) on a switched
network, am i right ?
Are there any work arounds ?

thanks a lot
ashley

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Attachment: cmorford.vcf
Description: Card for Chuck Morford

Current thread:

Snort on switched network Ashley Thomas (Oct 09)
- Re: Snort on switched network Erek Adams (Oct 09)
  - Re: Snort on switched network niceshorts (Oct 09)
- Re: Snort on switched network Chuck Morford (Oct 09)
- Re: Snort on switched network Mike Shaw (Oct 09)
- <Possible follow-ups>
- RE: Snort on switched network Gadrow, Jim (Oct 09)
  - RE: Snort on switched network Erek Adams (Oct 09)