[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-ids
Subject:    NIDS Recommendations in limited environment...
From:       Clint Byrum <cbyrum () spamaps ! org>
Date:       2002-07-31 20:31:32
[Download RAW message or body]

Ok, after running into the mostly useless Intel 510 "port mirroring" in
quite a few locations, I need some advice. What does one do when the
switch in use, cannot provide proper monitoring functions.

Most of the time I'm dealing with a relatively small amount of traffic,
on the order of 30-40Mbit at absolute peak times, and an average of
0.5-1Mbit. The HP ProCurve switches seem to handle this just fine with
their monitoring port setup.

I am using snort on midrange x86 boxes running Linux in most cases.

Thanks in advance.



[prev in list] [next in list] [prev in thread] [next in thread]