IDS mailing list archives
RE: Multiple network segment monitor with Snort
From: kgeorgiades () toplayer com
Date: Fri, 3 Oct 2003 11:00:45 -0400
Try using the Top Layer IDS Balancer. The ROI is immediate!. http://www.toplayer.com/content/products/intrusion_detection/ids_balancer.js p The IDS Balancer allows you to: a) Aggregate traffic from various network segments into the input ports (from taps or SPAN/Mirror ports) b) Filter traffic in way you like C) Create multiple copies of the same traffic (if you like) d) Distribute the traffic in a very flexible way to the IDS sensors (load balancing, n+1 redundancy, mix and match IDS sensors from different vendors). Our customers use the IDS Balancer as an Intelligent Layer 7 Patch Panel to help them build a centralized intelligent monitoring layer, to attach your monitoring devices (IDS sensors, sniffers, traffic analyzers, content inspection and in general any monitoring device that works in promiscuous mode). Note: I work for Top Layer Networks. Kyriacos (Ken) Georgiades Senior Director, Product Line Management Top Layer Networks, Inc Tel: 508 870 1300 x 231 Cell: 508 783 5988 Fax: 508 870 9797 Email: kgeorgiades () toplayer com www.toplayer.com -----Original Message----- From: Sergio Pozo Hidalgo [mailto:blitter_es () yahoo es] Sent: Wednesday, October 01, 2003 3:32 PM To: focus-ids () securityfocus com Subject: Re: Multiple network segment monitor with Snort I know that. But Cisco routers are very expensive. I was looking for cheaper solutions. My first desing used a Layer3 switch, but then I changed my mind (because of an impossibility for my netscreen border router to define more than two zones), and used a cheaper design (but I think that also less secure and manageable) with no Layer3 switch, but two Layer2 ones. Do you know any cheap Layer2 or Layer3 switch with mirror ports? Thank you. James Williams wrote:
If the box is connected to a cisco switch you can setup a port to monitor as many, or as few vlans as you want and send that traffic to the port that your snort box is connected to.
--------------------------------------------------------------------------- Captus Networks IPS 4000 Intrusion Prevention and Traffic Shaping Technology to: - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Precisely Define and Implement Network Security & Performance Policies FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101 --------------------------------------------------------------------------- --------------------------------------------------------------------------- Captus Networks IPS 4000 Intrusion Prevention and Traffic Shaping Technology to: - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Precisely Define and Implement Network Security & Performance Policies FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101 ---------------------------------------------------------------------------
Current thread:
- Re: Multiple network segment monitor with Snort Sergio Pozo Hidalgo (Oct 02)
- Re: Multiple network segment monitor with Snort Dpk (Oct 02)
- <Possible follow-ups>
- Re: Multiple network segment monitor with Snort Sergio Pozo Hidalgo (Oct 02)
- Re: Multiple network segment monitor with Snort Sergio Pozo Hidalgo (Oct 02)
- RE: Multiple network segment monitor with Snort kgeorgiades (Oct 06)