RE: Bridge IDS

["Dan Denton" <ddenton () PAYLESSOFFICE com>]

Yes, it can be done as a bridge. At my previous employer we had an
inline snort in IDS mode. I'm sorry I can't give details, at the time I
wasn't privy to how it was configured. I can however verify that it can
and has been done. I also don't see any reason why you can't have a
third interface to SSH to...

-----Original Message-----
From: Lee Sheng [mailto:momosisco () hotmail com] 
Sent: Wednesday, August 04, 2004 7:48 PM
To: focus-ids () securityfocus com
Subject: Bridge IDS


All,


Perhaps this is silly question, however I wanna know that if bridge
firewall 
can be done, how about building a bridge IDS. I know there is 
snort-inline(consoder IPS) that we can use but what I mean is just snort

without patching. Using three network interface, two for building a
bridge 
and one for console. Can it be done? Tap is far too expensive for
individual 
like me :)

Any suggestion would be appreaciated! Thanks.


Regards,
Lee

_________________________________________________________________
Using a handphone prepaid card? Reload your credit online! 
http://www.msn.com.my/reloadredir/default.asp


------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
learn more.
------------------------------------------------------------------------
--


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------