[Snort-users] Snort on switched network

Mike Shaw mshaw at ...3165...
Tue Oct 9 11:51:12 EDT 2001


As long as your switch is manageable, not bad at all.

Run the port in "mirrored", "monitored", or "span" mode.  The term depends 
on the make/model.  In really big switches or very complex environments, 
you *sometimes* have to watch out for a performance hit, but that's very rare.

-Mike

At 02:06 PM 10/9/2001 -0400, Ashley Thomas wrote:
>hi,
>
>It is a bad idea to run Snort (or any IDS for that matter) on a switched
>network, am i right ?
>Are there any work arounds ?
>
>thanks a lot
>ashley
>
>
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users






More information about the Snort-users mailing list