[Snort-users] Configuring Cisco switches...
erek at ...577...
Fri Sep 21 07:16:02 EDT 2001
On Fri, 21 Sep 2001, Bryan Childs wrote:
> Hi everyone - this question has probably been done to death, but my google
> searching for answers has amounted to nought - so I'm going to have to ask
> it again I'm afraid!
It's Ok, we'll just give you lashes with a wet noodle. ;-)
> The network here in my building is of course suffering from the recent Nimda
> virus/worm breakout, and we're trying to track infected boxes with snort.
> The entire network here is running on switched ethernet, which is giving us
> a bit of a headache. Most of the switches are dumb 3Com supplied ones, but
> we've been sensible enough (we think) to plug out snort box into the Cisco
> one which sits at the top of the network.
> The trouble is that we *still* don't seem to be able to monitor attacks
> which don't directly go for the snort box itself.
> The card is set up in promiscuous mode as it should be - but we think we
> need to do something to the switch to make sure it sees ALL our internal
> network traffic.
> Does anyone know what we might have missed? Or have any suggestions at all?
Now, your Cisco _should_ be able to do that. If you don't know talk with your
local netoworking geek. Bribe him with some wire ties or something...
> Cheers amigos......
Oh, you're bringing the beer? Great! Bring some Shinerbock. :)
More information about the Snort-users