IDS mailing list archives
Re: IDS 4215, right place for a sniffing interface (DMZ or LAN)
From: Gary Halleen <ghalleen () cisco com>
Date: Thu, 05 Apr 2007 15:21:45 -0700
It doesn't matter which interface is used for sensing and which for monitoring as long as you use one for each.

Gary

On 4/4/07 7:48 PM, "zillah" <forwardtruth () yahoo com> wrote:
> > The first thing you need to do is upgrade your sensor to version 5.1 or 6.0. You have 4.1 software, which is no longer supported. If you have maintenance on your sensor, the upgrade is no charge. If you do not have maintenance (called Services for IPS), then you'll need to take care of that first.
>
> Thanks Gary, yes I am aware of that.
>
> > The 4215 sensor has only two interfaces, and you need one for command and control. This is the interface that you'll assign an IP address to and use for management purposes.
>
> Yes, you are right. According to the specification in table 5-2 (under IDS 4125, same as mine) from the link that I have posted for IDS 4125, FastEthernet 0/1 should be for sensing purposes. In my case, since I am looking to monitor traffic in the DMZ area, I should use Ethernet 1 (not 0) for monitoring (sensing). Right now Ethernet 0 (not 1) was used, and I guess this is wrong. Here was my query?