IDS mailing list archives
Re: Multiple network segment monitor with Snort
From: Florin Andrei <florin () sgi com>
Date: 29 Sep 2003 13:48:37 -0700
On Wed, 2003-09-24 at 11:59, Sergio Pozo Hidalgo wrote:
Can I use the same physical machine (with as many ethernet cards as sensors I want to deploy) and use various and independent snort processes? I neither know if only one Snort process can control different network cards at the same time. And yes, I know that I can hog the sensor, but the networks are going to have little traffic (at least right now!).
It should be doable, but don't forget to secure the heck out of that sensor. Like: - disable IP forwarding - don't assign IP addresses to the "sniffing" interfaces - perhaps configure those interfaces to not even answer ARP requests - etc. -- Florin Andrei http://florin.myip.org/ --------------------------------------------------------------------------- Captus Networks IPS 4000 Intrusion Prevention and Traffic Shaping Technology to: - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Precisely Define and Implement Network Security & Performance Policies FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101 ---------------------------------------------------------------------------
Current thread:
- Multiple network segment monitor with Snort Sergio Pozo Hidalgo (Sep 25)
- Re: Multiple network segment monitor with Snort Keith W. McCammon (Sep 25)
- Re: Multiple network segment monitor with Snort Jason Haar (Sep 26)
- RE: Multiple network segment monitor with Snort James Williams (Sep 26)
- Re: Multiple network segment monitor with Snort Jason Haar (Sep 26)
- Re: Multiple network segment monitor with Snort Anton A. Chuvakin (Sep 26)
- Re: Multiple network segment monitor with Snort Florin Andrei (Sep 30)
- <Possible follow-ups>
- RE: Multiple network segment monitor with Snort kgeorgiades (Sep 29)
- Re: Multiple network segment monitor with Snort Keith W. McCammon (Sep 25)