IDS mailing list archives
IDS 4215, right place for a sniffing interface (DMZ or LAN)
From: zillah <saadelias () hotmail com>
Date: Tue, 28 Nov 2006 07:20:24 -0800 (PST)
I have got at work this sensor with two interfaces only, I have been asked to check that IDSWORK# show version Application Partition: Cisco Systems Intrusion Detection Sensor, Version 4.1(1)S47 OS Version 2.4.18-5smpbigphys-4215 Platform: IDS-4215 one interface which is Ethernet 0 (not FastEthernet) connected to switch in DMZ , and Ethernet 1 connected to switch 4005,,,,logically I have to monitor DMZ zone not switch 4005 (since I have got only two interfaces, my case),,,Am I right ? That means Ethernet 0 should be for sniffing (monitoring)since it is connected to DMZ,and interface 1 for command and control since it is connected to 4005 switch, but according to cisco specification http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1051279 Table 5-2 FastEthernet0/0: Interfaces Supporting Inline VLAN Pairs (Sensing Ports) FastEthernet0/1: Interfaces Not Supporting Inline (Command and Control Port) Note: Cisco has mentioned FastEthernet, the one that I have got Ethernet ,,,,does make any difference ? Since I have not done that configuration , it has been done by some one else, do I need to change that ? -- View this message in context: http://www.nabble.com/IDS-4215%2C-right-place-for-a-sniffing-interface-%28DMZ-or-LAN%29-tf2718902.html#a7580962 Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- IDS 4215, right place for a sniffing interface (DMZ or LAN) zillah (Apr 02)
- Re: IDS 4215, right place for a sniffing interface (DMZ or LAN) Gary Halleen (Apr 04)
- Re: IDS 4215, right place for a sniffing interface (DMZ or LAN) zillah (Apr 05)
- Re: IDS 4215, right place for a sniffing interface (DMZ or LAN) Gary Halleen (Apr 05)
- Re: IDS 4215, right place for a sniffing interface (DMZ or LAN) zillah (Apr 05)
- Re: IDS 4215, right place for a sniffing interface (DMZ or LAN) Gary Halleen (Apr 04)