[Snort-devel] Inter-Sensor Communication? (long)

Frank Knobbe FKnobbe at ...339...
Sun May 20 13:33:22 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Dave Ryan [mailto:dave.ryan at ...436...]
> Sent: Sunday, May 20, 2001 6:45 AM
> 
> Sensor-to-Sensor might not be the best approach given that a NIDS
> deployment over a relatively large network could be too complicated
> to approach via inter-node communications...

Yeah, I see what you are saying. Having 20 sensors all talk to each
other would be nasty (19^2 connections).

> A better approach IMO would be to go with a master NIDS or
> management system.

I like the idea of a listening daemon on a dedicated box (possibly
logging box), which will analyze the rule request from a sensor,
perform sanity checks, and then in turn contact all other sensors
(19+1 connections). That would also ease the load on the sensor.

Regards,
Frank



-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOwf/4pytSsEygtEFEQLdtACfbrK366ww6pdlbxTwfSmNfiFwCHgAoOLc
nLolZ7eVwc+SUvOyywFojfxA
=iDDo
-----END PGP SIGNATURE-----



