[Snort-users] Snort in a switched environment
Justin M. Parker
bluesman at ...5852...
Tue May 14 09:56:04 EDT 2002
---------- Forwarded message ----------
Date: Tue, 14 May 2002 18:30:58 +0000
From: Edin Dizdarevic <edin.dizdarevic at ...5862...>
To: Justin M. Parker <bluesman at ...5852...>
Subject: Re: [Snort-users] Snort in a switched environment
isn't it a well known "switch-attack" to let a switch
exceed the internal ARP-Buffer so it switch back to the
hub mode. I don't think it's a good idea, since it lowers the
performance extremely. You may try taking a hub for those
special hosts you want to listen to. If you don't have a switch
with monitorig capability think about buying one. Since all better
switches are manageable in that issue you may be lucky and the
present one can do the job.
Hope could help!
More information about the Snort-users