[Snort-users] Snort in a switched environment

Bruno Taranto bruno at ...5646...
Wed May 15 08:57:15 EDT 2002


Hy man...
I have a better idea. Its very, very simple!
Some times u can't do a port mirror or other modifications on the
hardware/system of the client.
Depending on the hardware/system u have to learn how to do a port mirror to
get all traffic on that box(switch).
Learn is cool man, but... some times... we dont have time to play with this
toys.
Some times IT professionals dont configure the hardware/system like u like
or when u want.
U have to do a complete solution without modifications or touch on any
system/hardware of the company. Right?
Some time i hate IT professionals.
I saw many problems with "IT professionals x Security Officers".
ITS COOL MAN!!!  >:-)
They always have problems with our security work.
argh!!!
Maybe u r IT professional!!!  :-p~
If... I'm sorry... Forget what i said. :-p~~~

U can do that:

=================================
          INET
             |
             |
        ROUTER
             |
             |
        COOL HUB ---------> SNORT SENSOR
             |
             |
        SWITCH
             |
             |
        COMPANY
             |
             |
        FUCKIN USERS
=================================

:-)

Its simple...  but work!!!
U can use that solution to anything on security (like SNIFFING / NIDS /
SPOOFING / ETC... ).

___________________________________
Internet Security Services
HISS, Inc.

Bruno Taranto
phone: +55 21 2221-2180
phone: +55 21 2508-0505 r.741
phone/fax: +55 21 2232-6209
email: bruno at ...5646...
corporate site: http://www.hiss.com.br
security portal: http://www.hacker.com.br
___________________________________


----- Original Message -----
From: "Bastian Ballmann" <ballmann at ...3190...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, May 14, 2002 12:19 PM
Subject: [Snort-users] Snort in a switched environment


> Hello!
> Is it possible to run Snort in a switched environment? Cause Snort can
only
> sniff the traffic of the host he is running on. Unless he is doing
something
> like ARP poisoning or something like this...
> But I think this would lead into trouble if you run the arpspoof
preprocessor
> ;)
> Greets
>
> Bastian Ballmann
> --
> Bastian Ballmann [ ballmann at ...3190... ]
> @ Computational Design GmbH
> [ http://www.co-de.de ]
>
> _______________________________________________________________
>
> Have big pipes? SourceForge.net is looking for download mirrors. We supply
> the hardware. You get the recognition. Email Us: bandwidth at ...382...
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>






More information about the Snort-users mailing list