Snort mailing list archives

Previous By Date Next
Previous By Thread Next

switch port settings?

From: "Matthew Harrell" <mhar () plex com>
Date: Tue, 1 Oct 2002 11:53:04 -0400
I recently changed the switch port that my Snort box is on so that it hears
the traffic that hits all the ports on the switch.  This seems like it is a
good idea in order to have a true NIDS; however, since doing so, I'm
FLOODED with tons of alert and portscan log entries.  I'm in the process of
playing with ACID to improve the usage of these logs, but is it a good idea
to leave the switch port set this way?

-----------------
Matt Harrell
Plexus Systems
mhar () plex com




-------------------------------------------------------
This sf.net email is sponsored by: DEDICATED SERVERS only $89!
Linux or FreeBSD, FREE setup, FAST network. Get your own server 
today at http://www.ServePath.com/indexfm.htm
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: