Solved

Snort IDS set up on switched LAN + 3COM managed switch

Posted on 2004-08-31
Last Modified: 2013-12-03
Hello all,

Thanks in advance for the help with this one.

Here's a brief overview of how I have it set up currently:

Internet -> Router -> Firewall -> Switch (not hub) -> LAN, which includes hosts and IDS.

The issue is that Snort can't sniff very well on a switched LAN (few sniffers can). I'm aware that going to a model like:

Internet -> Router -> Firewall -> Hub
                                   |
                                 /   \
                            Switch   IDS

..would solve my problem.

However, I need to do this without acquiring more hardware. I know some Cisco switches allow LAN traffic to be monitored on a specific port, so that I could still sniff the network without additional hardware. Is this doable with a managed 3COM (3812, if that helps you) switch?

If I assign an IP to the switch will I need to re-address my hosts, or is that strictly for switch management?

Thanks for the help.



Question by:xybx

Accepted Solution

by:
joephus earned 250 total points
ID: 11947484
The IP address will probably just be a management IP so, unless you use the IP address as a host on your network, you shouldn't have to change your hosts' config. Most managed switches will allow you to put a port into "management mode" for use with things like IDSs etc. But looking at the 3Com manual, though, I didn't see anything that said the 3812 could. You might give the manual a more in-depth going over, but it looks to me that you might have to pick up a cheap little hub (4 port hubs don't look that expensive).

Assisted Solution

by:HackLife
HackLife earned 50 total points
ID: 11947814
I totally agree with joephus. A small hub is inexpensive. Cheap gigabit 4 port, $90 - $110.

Author Comment

by:xybx
ID: 11948121
Thanks for the fast response guys. I'll go the route of the hub. Guess it pays to buy a higher-end switch :)

See you,
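
One way to check that a sensor placement like the hub layout discussed in this thread actually gives Snort visibility, as an added example that is not from any poster: it parses `tcpdump -e -n` output and measures the share of unicast frames exchanged between other stations. The MAC addresses, capture lines and function names are constructed for illustration.

```python
import re
from collections import Counter

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Link-level header as printed by `tcpdump -e -n`: "<time> <src> > <dst>, ethertype ..."
FRAME_RE = re.compile(rf"^\S+ (?P<src>{MAC}) > (?P<dst>{MAC}),", re.I)

def classify(line, sensor_mac):
    """Return 'own', 'flooded', 'transit', or None for an unparsable line."""
    m = FRAME_RE.match(line)
    if m is None:
        return None
    src, dst = m["src"].lower(), m["dst"].lower()
    if int(dst[:2], 16) & 1:          # group bit set: broadcast or multicast
        return "flooded"              # a switch sends these to every port anyway
    if sensor_mac.lower() in (src, dst):
        return "own"                  # the sensor's own conversations
    return "transit"                  # unicast between two other stations

def transit_ratio(lines, sensor_mac):
    """Fraction of parsed frames that are unicast between other stations."""
    counts = Counter(filter(None, (classify(l, sensor_mac) for l in lines)))
    total = sum(counts.values())
    return counts["transit"] / total if total else 0.0

SENSOR = "00:0c:29:aa:bb:01"   # constructed MAC for the IDS sniffing interface

# Constructed capture: sensor on an ordinary switch port (no mirroring).
ON_SWITCH = """\
10:15:01.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.10, length 46
10:15:01.200000 00:0c:29:aa:bb:01 > 00:de:ad:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.1.50.40000 > 192.168.1.1.53: UDP, length 32
10:15:01.200900 00:de:ad:00:00:01 > 00:0c:29:aa:bb:01, ethertype IPv4 (0x0800), length 90: 192.168.1.1.53 > 192.168.1.50.40000: UDP, length 48
10:15:02.000000 00:11:22:33:44:66 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 192.168.1.11.5353 > 224.0.0.251.5353: UDP, length 45
""".splitlines()

# Constructed capture: sensor on a hub between the firewall and the switch.
ON_HUB = """\
10:20:01.000001 00:11:22:33:44:55 > 00:de:ad:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.1.10.51000 > 203.0.113.7.80: Flags [S], length 0
10:20:01.030000 00:de:ad:00:00:01 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 203.0.113.7.80 > 192.168.1.10.51000: Flags [S.], length 0
10:20:01.500000 00:11:22:33:44:66 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.11, length 46
10:20:02.000000 00:11:22:33:44:66 > 00:de:ad:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.1.11.40001 > 198.51.100.9.53: UDP, length 32
""".splitlines()

if __name__ == "__main__":
    print("switch port:", transit_ratio(ON_SWITCH, SENSOR))
    print("hub segment:", transit_ratio(ON_HUB, SENSOR))
```

A ratio near zero on a live capture means the sniffing interface only receives its own and flooded traffic, as on an unmirrored switch port. With the hub placed between the firewall and the switch, the sensor sees traffic crossing that link, not host-to-host traffic that stays inside the switch.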
