[Snort-users] Snort on switched network
mshaw at ...3165...
Tue Oct 9 11:51:12 EDT 2001
As long as your switch is manageable, not bad at all.
Run the port in "mirrored", "monitored", or "span" mode. The term depends
on the make/model. In really big switches or very complex environments,
you *sometimes* have to watch out for a performance hit, but that's very rare.
At 02:06 PM 10/9/2001 -0400, Ashley Thomas wrote:
>It is a bad idea to run Snort (or any IDS for that matter) on a switched
>network, am i right ?
>Are there any work arounds ?
>thanks a lot
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:
More information about the Snort-users