Solved

Snort IDS set up on switched LAN + 3COM managed switch

Posted on 2004-08-31
3
533 Views
Last Modified: 2013-12-03
Hello all,

Thanks in advance for the help with this one.

Here's a brief overview of how I have it set up currently:

Internet -> Router -> Firewall -> Switch (not hub) -> LAN, which includes hosts and IDS.

The issue is that Snort can't sniff very well on a switched LAN (few sniffers can). I'm aware that going to a model like:

Internet -> Router -> Firewall -> Hub
                                                   |
                                                   ^
                                                 /    \
                                           Switch  IDS

..would solve my problem.

However, I need to do this without acquiring more hardware. I know some Cisco switches allow LAN traffic to be monitored on a specific port, so that I could still sniff the network without additional hardware. Is this doable with a managed 3COM (3812, if that helps you) switch?

If I assign an IP to the switch will I need to re-address my hosts, or is that strictly for switch management?

Thanks for the help.



0
Comment
Question by:xybx
3 Comments
 
LVL 1

Accepted Solution

by:
joephus earned 250 total points
ID: 11947484
The IP address will probably just be a managment IP so, unless you use the ip address as a host on your network you shouldn't have to change your hosts config.  Most managed switches will allow to put a port into "management mode"  for use with things like IDSs etc.  But looking at the 3com manual though I didn't see anything that said the 3812 could.  You might give the manual a more indepth going over but it looks to me that you might have to pick a cheap little hub (4 port hubs don't look that expensive).
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 50 total points
ID: 11947814
I totally agree with joephus. A small hub is inexpesive. Cheap gigabit 4 port, $90 - $110.
0
 
LVL 2

Author Comment

by:xybx
ID: 11948121
Thanks for the fast response guys. I'll go the route of the hub. Guess it pays to buy a higher-end switch :)

See you,

0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question