[Snort-users] switch? for what?

Weber Mail Don at ...5881...
Wed May 15 07:33:04 EDT 2002


keep in mind, this solution only works for all traffic actually going OUT to
the internet, mayb i missed part of this thread and that is all you need,
but this method does not see any of the traffic that is communicating
internally btwn computers on just the LAN. ie, the traffic that never goes
out of the switch like from one PC to the mail server.

Don
  -----Original Message-----
  From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Bruno Taranto
  Sent: Wednesday, May 15, 2002 5:42 AM
  To: snort-users at lists.sourceforge.net
  Subject: [Snort-users] switch? for what?


  Hy mans...
  I have a better idea. Its very, very simple!
  Some times u can't do a port mirror or other modifications on the
hardware/system of the client.
  Depending on the hardware/system u have to learn how to do a port mirror
to get all traffic on that box(switch).
  Learn is cool man, but... some times... we dont have time to play with
this toys.
  Some times IT professionals dont configure the hardware/system like u like
or when u want.
  U have to do a complete solution without modifications or touch on any
system/hardware of the company. Right?
  Some time i hate IT professionals.
  I saw many problems with "IT professionals x Security Officers".
  ITS COOL MAN!!!  >:-)
  They always have problems with our security work.
  argh!!!
  Maybe u r IT professional!!!  :-p~
  If... I'm sorry... Forget what i said. :-p~~~

  U can do that:

  =================================
            INET
               |
               |
          ROUTER
               |
               |
          COOL HUB ---------> SNORT SENSOR (only)
               |
               |
          SWITCH
               |
               |
          COMPANY
               |
               |
          FUCKIN USERS
  =================================

  :-)

  Its simple...  but work!!!
  U can use that solution to anything (like SNIFFING / NIDS / SPOOFING /
ETC... ).

  ___________________________________
  Internet Security Services
  HISS, Inc.

  Bruno Taranto
  phone: +55 21 2221-2180
  phone: +55 21 2508-0505 r.741
  phone/fax: +55 21 2232-6209
  email: bruno at ...5646...
  corporate site: http://www.hiss.com.br
  security portal: http://www.hacker.com.br
  ___________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020515/5d5de96b/attachment.html>


More information about the Snort-users mailing list