Snort mailing list archives

Re: Monitoring Multiple Subnets


From: Shaun Marlin <shaun.marlin () canalta com>
Date: Mon, 13 May 2013 15:23:55 +0000

That does make sense.  The thing that I am most concerned about is because there is an unmanaged switch, could it fail? I would love to have a SPAN setup, but that isn't in the budget.

From: Seth Dunn [mailto:seth () d2ms com]
Sent: Monday, May 13, 2013 9:17 AM
To: Shaun Marlin; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Monitoring Multiple Subnets

For what I did....I don't have quite the same setup as you, but I needed to monitor multiple LANs.
10.75.x.x/24 and 10.76.x.x/24
I am using a Cisco switch for my networks.
I set up SPAN on my switch, RSPAN is also available, to copy traffic from two ports in which inbound/outbound traffic flows for these LANs.....and set up the destination port for the port that my Snort box is listening on.

Then as someone noted, in your snort.conf file you need to make sure these two networks are part of your $HOME variable.

From: Shaun Marlin [mailto:shaun.marlin () canalta com]
Sent: Monday, May 13, 2013 11:04 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Monitoring Multiple Subnets

I am building a SNORT box to monitor my network.  I have 2 ISPs.  Is it possible to have the 2 ISPs connect into an unmanaged switch, then have SNORT configured with an IP from each block that I have, and finally pass the traffic back onto the switch that goes into my network?

Sorry for the run-on question there.

Essentially I am looking for something like this


[Diagram not preserved; labels: ISP 1, Router 1, ISP 2, Router 2, Unmanaged Switch, SNORT, Internal Network]

SNORT would end up monitoring 3 different subnets.  For instance, 1.1.1.0/27, 2.2.2.0/27 and 3.3.3.0/29.

Does anyone see a reason why this would not work?


Shaun Marlin
Network Administrator

Canalta Family of Companies


2109 - 545 Highway 10 East
Drumheller AB Canada T0J 0Y0
PHONE: (403) 820-3865
CELL:     (403) 334-1313


EMAIL:   shaun.marlin () canalta com
WEB:      www.canalta.com
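
The advice in the thread to make sure the monitored networks are part of the home-network variable in snort.conf can be checked mechanically. The following is an added example, not code from the thread or from the Snort project: it assumes the variable is defined Snort 2.9-style as `ipvar HOME_NET` (or `var HOME_NET`), uses a constructed configuration excerpt, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed snort.conf excerpt (not from the thread). The subnets are the
# example ranges from the original question; 3.3.3.0/29 is left out on purpose.
SAMPLE_CONF = """\
# Set up the network addresses you are protecting
ipvar HOME_NET [1.1.1.0/27,2.2.2.0/27]
ipvar EXTERNAL_NET !$HOME_NET
"""
MONITORED = ["1.1.1.0/27", "2.2.2.0/27", "3.3.3.0/29"]


def parse_home_net(conf_text):
    """Return the networks in the first HOME_NET definition ([] if none)."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(?:ipvar|var)\s+HOME_NET\s+(\S.*)$", line)
        if not m:
            continue
        value = m.group(1).strip()
        if value == "any":
            return [ipaddress.ip_network("0.0.0.0/0")]
        if "!" in value or "$" in value:
            raise ValueError("negated entries and nested variables are not handled")
        items = value.replace("[", "").replace("]", "").split(",")
        return [ipaddress.ip_network(i.strip(), strict=False) for i in items if i.strip()]
    return []


def uncovered(conf_text, monitored):
    """List the monitored CIDRs that no HOME_NET entry contains."""
    home = parse_home_net(conf_text)
    missing = []
    for cidr in monitored:
        net = ipaddress.ip_network(cidr)
        if not any(h.version == net.version and net.subnet_of(h) for h in home):
            missing.append(cidr)
    return missing


if __name__ == "__main__":
    for cidr in uncovered(SAMPLE_CONF, MONITORED):
        print(f"HOME_NET does not cover {cidr}")
```

A subnet reported here is one whose traffic rules written against `$HOME_NET` would not treat as internal, so it is worth running after every change to the address plan.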





