Any IDS (ISS, Snort, Dragon, etc) will work in a switched network as long as the switch allows you to have a 'spanning port' (Cisco Catalyst) or a 'monitoring port' (HP Pro Curve). In the event that you have a Cisco switch you can only have one 'spanning port' per VLAN (at least this is true with 2900 series)
-- Sean Waddell Network Engineer The ESP Group > > -----Original Message----- > From: Pavel Lozhkin [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, March 12, 2002 4:53 AM > To: [EMAIL PROTECTED] > Subject: IDS > > Hi ! > > Could one recommend me a IDS, such as snort, but designed for switched > network. > I looked at ettercap, but it does not fully meet my needs, i need > non-interactive IDS, not a collector, if the snort were working in > switched network environment, it would be enough for me. > > Thanks for any advise. > > -- > Pavel > Information Security Officer & IT Auditor > ICQ UIN 39596913 8990192 > Phone (7-095)-258-04-11 ext 1134 > (7-095)-258-04-00 reception
