Snort mailing list archives

Re: Re: FW: Cisco switch configuration for sensor


From: <gr8dane2 () bellsouth net>
Date: Thu, 16 Jan 2003 13:47:10 -0500

Thanks, Kevin, for clarifying that for me. I turned off the tree-spanning and left on the port monitoring. For some reason I was under the impression that I needed tree-spanning on for it to work (I knew I shoulda taken those Cisco courses).

Also, thank you Twig Les for your responses!

Sincerely,
Dane Howard

From: "kevin reynolds" <kevinreynolds2525 () hotmail com>
Date: 2003/01/16 Thu PM 12:24:20 EST
To: gr8dane2 () bellsouth net,  snort-users () lists sourceforge net
Subject: Re: FW: [Snort-users] Cisco switch configuration for sensor

Dane,

If you have enabled spanning tree protocol under the assumption that it will allow the sensor to view copies of all traffic between the DSL router and the firewall, you are incorrect. STP is used to provide a loop-free switching path when multiple switches share VLANs. You will need to set up a SPAN (switch port analyzer) session directing all traffic observed on ports 1x and Bx to port Ax. But you could make the switch's life somewhat easier and send all traffic observed on just one of the ports to the IDS (just make sure you do it bidirectionally).

Kevin



-----Original Message-----
From: gr8dane2 () bellsouth net [mailto:gr8dane2 () bellsouth net]
Sent: Thursday, January 16, 2003 11:32 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Cisco switch configuration for sensor


Ok, I checked the Cisco sites and believe I have this set up properly. I just wanted to run it past the Snort gurus for confirmation before I hook it up. I am using a Cisco 1900 series switch that has 12 10baseT ports (1x-12x) and 2 100baseTX ports (Ax and Bx). I have a DSL router that is 10baseT (plugged into port 1x), a Snort sensor with a 10/100 NIC (port Ax) and a firewall with a 10/100 NIC (port Bx). I have enabled the Spanning-Tree protocol. I have set up port Ax to monitor 1x and Bx. Then I disabled the web interface, of course. I am using the modified patch cable that will only allow inbound traffic on the sensor, a cross-over cable on the router, and a regular patch cable for the firewall. The sensor has a public NIC with no bindings and a private NIC with local TCP/IP settings that connects back to the LAN behind the firewall, so it can report to the MySQL server. Anyone see anything wrong with this before I hook it up? As always, keep up the great work! You all are very helpful.

Sincerely,
Dane Howard



-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by
implementing
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache
Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


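The exchange above turns on two points about SPAN that are easy to get wrong: monitoring both ports of a two-port conversation copies every frame to the sensor twice, and monitoring a single port only in one direction misses half the conversation. The small model below, written for this archive page and not taken from either poster or from Cisco, replays a constructed set of frames between the router port (1x) and the firewall port (Bx) through three SPAN plans and reports copies, duplicates and misses as the sensor on port Ax would see them. The `span_commands()` helper emits the `monitor session` syntax of later Catalyst IOS releases; that syntax is an assumption here and is not the Catalyst 1900's own CLI, and the `1x`/`Ax`/`Bx` names are the thread's port labels rather than real IOS interface names.

```python
"""Model what an IDS on a SPAN destination port actually receives.

Added example for this thread (not code from the original posters or from
Cisco). Port names follow the Catalyst 1900 labels used in the thread;
the IOS-style commands from span_commands() are an assumption (modern
Catalyst syntax), not the 1900's own CLI.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    seq: int       # sequence number so identical-looking frames stay distinct
    ingress: str   # port the frame entered the switch on
    egress: str    # port the switch forwarded it out of
    flow: str      # label for the conversation it belongs to


def sample_traffic():
    """Constructed sample: DSL router on 1x talking to the firewall on Bx."""
    return [
        Frame(1, "1x", "Bx", "router->firewall"),
        Frame(2, "Bx", "1x", "firewall->router"),
        Frame(3, "1x", "Bx", "router->firewall"),
        Frame(4, "1x", "Bx", "router->firewall"),
        Frame(5, "Bx", "1x", "firewall->router"),
    ]


def span_copies(frames, sources, direction="both"):
    """Frames copied to the SPAN destination.

    direction is 'rx' (frames entering a source port), 'tx' (frames leaving
    it) or 'both'. A frame is copied once per source port it matches, which
    is exactly how duplicates arise when both ends of a link are monitored.
    """
    copies = []
    for f in frames:
        for port in sources:
            if direction in ("rx", "both") and f.ingress == port:
                copies.append(f)
            if direction in ("tx", "both") and f.egress == port:
                copies.append(f)
    return copies


def coverage_report(frames, sources, direction="both"):
    """Summarise what the sensor sees: total copies, distinct frames,
    frames delivered more than once, and frames it never sees at all."""
    copies = span_copies(frames, sources, direction)
    seen = Counter(copies)
    return {
        "copies": len(copies),
        "unique": len(seen),
        "duplicated": sum(1 for n in seen.values() if n > 1),
        "missed": sum(1 for f in frames if f not in seen),
    }


def span_commands(session, sources, destination, direction="both"):
    """IOS-style SPAN configuration for the plan (assumed syntax, see above)."""
    lines = [f"monitor session {session} source interface {p} {direction}"
             for p in sources]
    lines.append(f"monitor session {session} destination interface {destination}")
    return lines


if __name__ == "__main__":
    frames = sample_traffic()
    plans = {
        "monitor 1x and Bx, both directions": (["1x", "Bx"], "both"),
        "monitor Bx only, both directions":   (["Bx"], "both"),
        "monitor Bx only, receive only":      (["Bx"], "rx"),
    }
    for name, (sources, direction) in plans.items():
        print(name, coverage_report(frames, sources, direction))
        for cmd in span_commands(1, sources, "Ax", direction):
            print("   ", cmd)
```

Running it shows the trade-off Kevin describes: the two-source plan delivers every frame twice (inflated sensor load and the risk of duplicate alerts), the single-source bidirectional plan delivers each frame exactly once with nothing missed, and the receive-only plan silently drops one whole direction of the conversation. In the thread's setup the 100baseTX destination port Ax comfortably carries the mirrored 10baseT traffic; on busier links, a SPAN destination that is oversubscribed drops frames, which is the other check worth making before trusting what the IDS reports.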