Snort mailing list archives

Re: To hub or not to hub

From: Javier Liendo <javier () liendo net>
Date: Mon, 6 Jan 2003 16:03:11 -0800 (PST)

hello anthony

i have been using a snort box plugged on a hub that
sists between the inside interface of a firewall and
the internal switch for a couple of months and so far
so good...be sure to have the hub inside a rack well
locked so nobody (but the one that have the key for
the rack) can insert another sniffer on the hub...i
did not configure any ip address on this box just to
be sure that is not remotely accesible (i do not
manage the firewall and getting the firewall manager
to configure some rules for this machine was another
difficult sell) with the not so great side effect that
to configure/monitor snort i have to be sitting at the
console (the snort box)...

on another side, why not spanning? (in my case i could
not do it because an old ios on the switch)...

saludos

javier

--- Anthony Scott <ascott () triadfoodsgroup com> wrote:

Hi. I am going to initially deploy one Snort box on
our network. I want to place it right after our
firewall to detect anything getting through.
We have an all switched environment and I do not
want to do any spanning (at least initially). I read
two documents on Snort's web site, one said a hub
was fine, one said a hub was a bad idea. I like the
idea because it would be easy to plug and unplug the
snort box without disrupting traffic. 
I would also like to use the box for a sniffer, ala
Ethereal.
Thoughts, feelings, ideas?

Thanks
anthony  scott

-------------------------------------------------------

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

To hub or not to hub Anthony Scott (Jan 06)
- Re: To hub or not to hub Matt Kettler (Jan 06)
- Re: To hub or not to hub Javier Liendo (Jan 06)
- <Possible follow-ups>
- RE: To hub or not to hub Semerjian, Ohanes (Jan 06)
- Re: To hub or not to hub Anthony Scott (Jan 07)
  - Re: To hub or not to hub Bob Staaf (Jan 07)
  - Re: To hub or not to hub Scot Scot (Jan 07)