From: Kenneth Smith (kennsmit@gcfn.org)
Date: Mon Jul 01 2002 - 14:01:16 CDT
Dmitry:

Have you looked at the IOS "port monitor" command?

It is not clear what you are referring to when you say "my box," but I would be careful if you are using VLANs to separate your unsecured and secured LANs.

ks
> mike.jablonski@abnamrousa.com wrote:
>>
>> you need to enable the span port feature.
>>
>
> Sorry, it seems my explanation was too bad.
> I have an internal FW. It is connected to a cat2924
> with xl0 at 100Mbit.
> The switch port is in trunk mode.
> There are 2 vlans on xl0: vlan0 and vlan1.
> There is no IP on xl0.
> My default router (cisco 26XX) is in vlan0 (trunk too).
> My office subnet is on vlan1 (all office hosts
> configured as vlan 1 on switch).
>
> So, my box works as router+FW between vlan0 and vlan1.
> Now it works.
>
> So, I want to set up snort to detect attacks.
> What iface (xl0, vlan0, or what) shall I bind snort to
> (snort -i flag) to make it analyze both internal
> and external traffic?
>
> Another question is: cisco detects vlans with the vtp
> protocol. Does FreeBSD support it?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message