|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Multiple network segment monitor with Snort
From: James Williams (jwilliams
mail.wtamu.edu)
Date: Fri Sep 26 2003 - 16:42:55 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
If the box is connected to a cisco switch you can setup a port to
monitor as many, or as few vlans as you want and send that traffic to
the port that your snort box is connected to.
James Williams
Network Systems Engineer
-----Original Message-----
From: Jason Haar [mailto:Jason.Haartrimble.co.nz]
Sent: Thursday, September 25, 2003 11:41 PM
To: focus-idssecurityfocus.com
Subject: Re: Multiple network segment monitor with Snort
On Thu, Sep 25, 2003 at 05:00:23PM -0400, Keith W. McCammon wrote:
> Yep, no problem. I run between 2-4 per FreeBSD-based sensor. As long
> as you keep up on RAM you're cool.
...and don't forget you're PCI backplane limits... I *think* a standard
PCI-based box is good for up to 4 100Mb Ethernet cards, and being picky
about card choices/etc can push that up to 6 100M cards - but beyond
that
you exceed the limits of the PC arch...?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
------------------------------------------------------------------------
---
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to:
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic
- Precisely Define and Implement Network Security & Performance
Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to:
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic
- Precisely Define and Implement Network Security & Performance Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]