RE: brut force attack not detected

[Paul Smith <paul () pscs co uk>]

> I have a non configurable 8 port switch that we use for just a section that
> we seperate from the rest of our network,,
>
> How would I set that up to work as a monitor port?

If the switch is non-configurable, then you can't..

The whole point of a switch is that data that goes between ports 1 and 2 
(for instance) won't get sent out to port 3 as well, so if you have Snort 
on port 3, it simply won't see the traffic between ports 1 and 2.

You need to be able to configure the switch to define a port which receives 
either all the data or all the data to/from a specific port (depending on 
the switch), so if the switch is non-configurable you can't do this..

You will either need to change to a hub (where all data is visible on all 
ports) or a managed switch where you can define a monitoring port.

Alternatively, if you just want to monitor one port of the switch you could 
buy a cheap hub and put it between that port of the switch and the 
computer/router/whatever that was on that port, and put the Snort computer 
on another port of the hub.


Paul                            VPOP3 - Internet Email Server/Gateway
paul () pscs co uk                      http://www.pscs.co.uk/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users