Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Snort IDS set up on switched LAN + 3COM managed switch

Posted on 2004-08-31
3
Medium Priority
?
560 Views
Last Modified: 2013-12-03
Hello all,

Thanks in advance for the help with this one.

Here's a brief overview of how I have it set up currently:

Internet -> Router -> Firewall -> Switch (not hub) -> LAN, which includes hosts and IDS.

The issue is that Snort can't sniff very well on a switched LAN (few sniffers can). I'm aware that going to a model like:

Internet -> Router -> Firewall -> Hub
                                                   |
                                                   ^
                                                 /    \
                                           Switch  IDS

..would solve my problem.

However, I need to do this without acquiring more hardware. I know some Cisco switches allow LAN traffic to be monitored on a specific port, so that I could still sniff the network without additional hardware. Is this doable with a managed 3COM (3812, if that helps you) switch?

If I assign an IP to the switch will I need to re-address my hosts, or is that strictly for switch management?

Thanks for the help.



0
Comment
Question by:xybx
3 Comments
 
LVL 1

Accepted Solution

by:
joephus earned 1000 total points
ID: 11947484
The IP address will probably just be a managment IP so, unless you use the ip address as a host on your network you shouldn't have to change your hosts config.  Most managed switches will allow to put a port into "management mode"  for use with things like IDSs etc.  But looking at the 3com manual though I didn't see anything that said the 3812 could.  You might give the manual a more indepth going over but it looks to me that you might have to pick a cheap little hub (4 port hubs don't look that expensive).
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 200 total points
ID: 11947814
I totally agree with joephus. A small hub is inexpesive. Cheap gigabit 4 port, $90 - $110.
0
 
LVL 2

Author Comment

by:xybx
ID: 11948121
Thanks for the fast response guys. I'll go the route of the hub. Guess it pays to buy a higher-end switch :)

See you,

0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question