List:       focus-ids
Subject:    IDS 4215, right place for a sniffing interface (DMZ or LAN)
From:       zillah <saadelias () hotmail ! com>
Date:       2006-11-28 15:20:24
Message-ID: 7580962.post () talk ! nabble ! com


I have this sensor at work with only two interfaces, and I have been asked to
check that:

IDSWORK# show version
Application Partition:
Cisco Systems Intrusion Detection Sensor, Version 4.1(1)S47

OS Version 2.4.18-5smpbigphys-4215
Platform: IDS-4215

One interface, Ethernet 0 (not FastEthernet), is connected to a switch in the
DMZ, and Ethernet 1 is connected to the 4005 switch. Logically I have to monitor
the DMZ zone, not switch 4005 (since I have only two interfaces in my
case). Am I right?

That means Ethernet 0 should be for sniffing (monitoring), since it is
connected to the DMZ, and interface 1 for command and control, since it is
connected to the 4005 switch, but according to the Cisco specification

http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1051279



Table 5-2

FastEthernet0/0: Interfaces Supporting Inline VLAN Pairs (Sensing Ports)

FastEthernet0/1: Interfaces Not Supporting Inline (Command and Control Port)

Note: Cisco mentions FastEthernet, while the one I have is Ethernet.
Does that make any difference?

Since I did not do that configuration (it was done by someone
else), do I need to change it?