[Snort-users] Dual home IDS? ACID and send email alerts on one, IDS on the other.
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Mon Oct 25 00:52:01 EDT 2004
--On 22 October 2004 23:05 -0700 Marty Hauser <martyhauser at ...5190...> wrote:
> My manager configured the Cisco switch to mirror all
> traffic to one port. That's what we want, but I'm told that this port is
> IP-less and no traffic can flow into or out of the IDS system. The IDS
> system is connected to this port and working perfectly. The issue is the
> IDS system can't send emails or access the functional ACID website.
> I thought of adding a second NIC and directing SNORT to monitor this NIC
> instead and connect the original NIC to the network on a normal port and
> regain email and ACID website support.
That's normal practice too. Make sure you protect any exposed services
(e.g. by using a firewall - either on the IDS host, or between it and the
outside world), or that you use a private administration segment that
ordinary users are physically disconnected from.
> Marty Hauser
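
The dual-NIC layout discussed in this thread, sketched as an added example that is not part of the original messages: an IP-less sniffing NIC on the mirror port, plus a host firewall on the management NIC. It assumes a Linux sensor with iproute2 and iptables; the interface names, admin subnet, ports (SSH on 22, ACID over HTTPS on 443) and snort.conf path are all assumptions.

```shell
#!/bin/sh
# Added example: dual-homed Snort sensor. Every value below is an assumption,
# not taken from the thread; adjust before use.
SNIFF_IF="${SNIFF_IF:-eth1}"            # assumed NIC on the switch mirror port
MGMT_IF="${MGMT_IF:-eth0}"              # assumed NIC on a normal/admin port
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"  # constructed admin subnet (documentation range)
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"  # assumed config path
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print the commands, 0 = run them (root)

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

setup_sniff_if() {
    # No address and no ARP on the sniffing NIC: it receives mirrored
    # traffic but cannot be addressed from the monitored network.
    run ip addr flush dev "$SNIFF_IF"
    run ip link set dev "$SNIFF_IF" arp off promisc on up
}

firewall_mgmt_if() {
    # Default-deny inbound; outbound (e-mail alerts) stays allowed and its
    # replies are admitted by the conntrack rule.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -A INPUT -i lo -j ACCEPT
    # Mirrored packets must never reach local services, so drop them
    # before any ACCEPT rule can match.
    run iptables -A INPUT -i "$SNIFF_IF" -j DROP
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # SSH and the ACID web console only from the administration segment.
    for port in 22 443; do
        run iptables -A INPUT -i "$MGMT_IF" -s "$ADMIN_NET" -p tcp --dport "$port" -j ACCEPT
    done
}

start_snort() {
    # Snort listens only on the IP-less interface, in daemon mode.
    run snort -D -i "$SNIFF_IF" -c "$SNORT_CONF"
}

apply_all() {
    setup_sniff_if
    firewall_mgmt_if
    start_snort
}

apply_all
```

With the default `DRY_RUN=1` the script only prints the commands for review; set `DRY_RUN=0` and run as root to apply them.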