[Snort-users] newbie question - switches

Kevin Oh koh1170 at ...131...
Thu Nov 15 09:37:02 EST 2001


hi,

newbie question for you.

This is my current configuration

DSL   Cable
 |      |
 |      |
Switch (NexLand ISB Pro800 Turbo)
 |  |  ... |
Local Network

The switch has a firewall in it.  I want to be able to monitor our network
with a Snort 1.8.2 box (VA
Linux 6.2)

However, I cannot set a monitor port (or mirror port) on our switch.  So
i came up with three solutions,

1. buy a better switch (not happening)
2. use the following config

 DSL   Cable
  |      |
  |      |
 Switch (NexLand ISB Pro800 Turbo)
     |
 Snort machine (2 NICs)
     |
 Hub or switch
  | ... |
 Local Network

3. ask you guys for opinions before doing anything.

I opted for the number 3 (probably the best option).  Could anybody
confirm if my idea is acceptable or not?  if it is not could you give me an
alternative?

Thanx in advance.  I appreciate it.

Kevin

ps : love the 'professionalism' thread :)



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com





More information about the Snort-users mailing list