I do a semi-classical arrangement.  We have two pipes to the net going to
two different switches.  I use SPAN to send all ingress traffic on the
external router to a port which I plug into a hub.  I then do the same on
the second pipe, and plug the IDS box running snort into the hub (thus, all
traffic in both directions can be read off one interface).

The newest snort releases allow you to affect the traffic, not just watch
it.  Of course, this requires the IDS to be in-line, which typically isn't
the case unless you're using a *nix box for your firewall.  As far as
notification and logging, snort has performed beautifully on an OBSD box
under fairly heavy network load...

-Brad.

"Roberts, Timothy" wrote in message news:[EMAIL PROTECTED]...
> Has anyone used SNORT for IDS purposes?  Any reviews?
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4493&t=4436