[Snort-users] switch port settings?

Matthew Harrell mhar at ...7038...
Tue Oct 1 09:00:10 EDT 2002


I recently changed the switch port that my Snort box is on so that it hears
the traffic that hits all the ports on the switch.  This seems like it is a
good idea in order to have a true NIDS; however, since doing so, I'm
FLOODED with tons of alert and portscan log entries.  I'm in the process of
playing with ACID to improve the usage of these logs, but is it a good idea
to leave the switch port set this way?

-----------------
Matt Harrell
Plexus Systems
mhar at ...7038...






More information about the Snort-users mailing list