Snort mailing list archives

Re: Dual home IDS? ACID and send email alerts on one, IDS on the other.


From: Sean Brown <sblinux () shaw ca>
Date: Sat, 23 Oct 2004 11:54:30 -0600

On October 23, 2004 12:05 am, Marty Hauser wrote:
Greetings,

Thanks to the great work of the group behind and Patrick S. Harper
<mailto:patrick () internetsecurityguru com>, his procedures are very good
and I have Fedora Core 2 and snort 2.2.0 running perfectly. There is
nothing wrong with the IDS system; this question is on an enhancement. My
manager configured the Cisco switch to mirror all traffic to one port.
That's what we want, but I'm told that this port is IP-less and no traffic
can flow into or out of the IDS system. The IDS system is connected to this
port and working perfectly. The issue is the IDS system can't send emails
or access the functional ACID website. I thought of adding a second NIC and
directing SNORT to monitor this NIC instead and connect the original NIC to
the network on a normal port and regain email and ACID website support.
Have you guys any guidance/experience with resolving an issue like this?
Any help would really be appreciated.

Thanks,

Marty Hauser

Throw in a second NIC that will have an IP so your sensor can talk to the
network, while continuing to listen to the NIC that has all the traffic from 
the switch coming in.
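
A check for the two-NIC split described in this reply, added here as an example and not part of the original thread: it confirms the management NIC is addressed and the sniffing NIC is IP-less, including the IPv6 link-local address an interface can pick up when it is brought up. The interface names `eth0`/`eth1` and the `ip -o addr show` samples are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit interface roles on a dual-homed sensor.
# Assumed names: eth0 = management NIC, eth1 = sniffing NIC on the mirror port.

# Constructed `ip -o addr show` output: eth1 is up but carries no address.
SAMPLE_GOOD='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'

# Constructed output: eth1 picked up an IPv6 link-local address when it came up.
SAMPLE_LINKLOCAL='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link'

# has_addr IFACE: read `ip -o addr show` text on stdin and succeed when
# IFACE carries any IPv4 (inet) or IPv6 (inet6) address.
has_addr() {
    awk -v ifc="$1" '
        $2 == ifc && ($3 == "inet" || $3 == "inet6") { found = 1 }
        END { exit !found }'
}

# check_sensor MGMT SNIFF ADDR_TEXT: return 0 only when the management NIC
# has an address and the sniffing NIC has none.
check_sensor() {
    mgmt=$1; sniff=$2; text=$3
    if ! printf '%s\n' "$text" | has_addr "$mgmt"; then
        echo "FAIL: $mgmt has no address, so email alerts and ACID are unreachable"
        return 1
    fi
    if printf '%s\n' "$text" | has_addr "$sniff"; then
        echo "FAIL: $sniff has an address, so the sniffing NIC is not IP-less"
        return 1
    fi
    echo "OK: $mgmt addressed, $sniff IP-less"
}

# Demonstration on the constructed samples.
check_sensor eth0 eth1 "$SAMPLE_GOOD"
check_sensor eth0 eth1 "$SAMPLE_LINKLOCAL" || true
```

On a live sensor, pass `"$(ip -o addr show)"` as the third argument, and point Snort at the sniffing NIC with its `-i` option.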

