Pavel,

A NIDS cannot function properly in a switched network. Most sensors cannot see through to other collision domains across a switch. What you would have to do in order to make this work is, for example, on a Cisco Catalyst you need to set up a VLAN across the different segments so that the sensor can see the traffic as if it were only on a local hub or local collision domain.
Hope that helps,
Bejon

-----Original Message-----
From: Pavel Lozhkin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 12, 2002 4:53 AM
To: [EMAIL PROTECTED]
Subject: IDS

Hi!

Could one recommend me an IDS, such as snort, but designed for a switched network? I looked at ettercap, but it does not fully meet my needs; I need a non-interactive IDS, not a collector. If snort were working in a switched network environment, it would be enough for me.

Thanks for any advice.

--
Pavel
Information Security Officer & IT Auditor
ICQ UIN 39596913 8990192
Phone (7-095)-258-04-11 ext 1134
(7-095)-258-04-00 reception