[Snort-users] Kernel complaint about MAC being seen on multiple interfaces

shawn . moyer shawn at ...1184...
Fri Apr 6 01:11:08 EDT 2001


Doug White wrote:

> You shouldn't have the sensors plugged into the same VLAN .. you should
> create a new VLAN, put your sensor on it, then send all the monitor
> traffic to that port. This way one sensor won't "see" the other and cause
> mass confusion.

Tom, does this ever give you duplicate alerts and stuff? 

I understand of course that setting up multiple boxes = more $$$, but in
an ideal world that would probably be the best way. This does bring up
another nice thing about Snort / free software in general, though -- I
know of at least one NIDS that charges per interface. :)





--shawn 

-- 

s h a w n   m o y e r
shawn at ...1184...

"Nuclear war would really set back cable."
                             -- Ted Turner




More information about the Snort-users mailing list