DaemonForums  

OpenBSD Security Functionally paranoid!

#1
1st June 2011
unixjingleman
Question about Snort sensor placement

Hi there
Erm, my network looks like this:

|Internal hosts|--|switch|---|OpenBSD firewall|-----|switch|---|border router|

My servers are attached to the switch that is attached to the border router. I would very much like to use Snort on OpenBSD. I have one spare machine (for loghost and/or Snort sensor).
Am I right in thinking that my only option, to monitor my servers at little extra cost, is to attach a hub to the switch that my servers are attached to, then attach the Snort box and the servers to this hub?
There are no other low cost solutions, correct?
Thank you very much for any advice.
#2
1st June 2011
ocicat

Quote:
Originally Posted by unixjingleman
Am I right in thinking that my only option, to monitor my servers at little extra cost, is to attach a hub to the switch that my servers are attached to, then attach the Snort box and the servers to this hub?
This is one option. Others exist too.
  • Some switches can also duplicate traffic to another port. Cisco's SPAN/RSPAN comes to mind. Used 2950's/25960's on eBay should be able to do this, but if you are seriously thinking about going with used Cisco equipment, be sure to have researched the model on Cisco's website to ensure that it can replicate traffic to a different port first.
  • Network taps are a better choice for analyzing packet traffic than hubs or port replication on switches by minimally affecting transfer latency. NetOptics has a number of taps for sale across a nominal price range if you are really serious about it. Here too, going to eBay may help with the sticker shock, but research the topic thoroughly first. Buyer beware.

Last edited by ocicat; 1st June 2011 at 04:57 AM.
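
Whichever option is used (hub, SPAN port or tap), it is worth confirming that the Snort box really receives the servers' traffic and not just broadcasts. The script below is an added example, not part of either post: it classifies `tcpdump -e -n` lines captured on the sensor interface. The MAC addresses, sample lines and function names are constructed, and it assumes each line prints the source MAC before the destination MAC.

```python
import re
from collections import Counter

# Matches a MAC address; octets may be unpadded (2:0:0:...) in some tcpdump builds.
MAC = re.compile(r"\b(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}\b", re.I)

def norm(mac):
    """Zero-pad and lowercase each octet so both spellings compare equal."""
    return ":".join(f"{int(o, 16):02x}" for o in mac.split(":"))

def classify(line, sensor_mac):
    """Label one `tcpdump -e -n` line; assumes source MAC precedes destination MAC."""
    macs = MAC.findall(line)
    if len(macs) < 2:
        return None                      # not a link-level line
    src, dst = norm(macs[0]), norm(macs[1])
    if norm(sensor_mac) in (src, dst):
        return "own"                     # the sensor's own conversations
    if int(dst[:2], 16) & 1:
        return "flood"                   # broadcast/multicast reaches every switch port
    return "foreign"                     # unicast between two other hosts

def mirror_report(lines, sensor_mac):
    return Counter(c for c in (classify(l, sensor_mac) for l in lines) if c)

def sees_mirrored_traffic(lines, sensor_mac, min_share=0.5):
    """True when most frames are other hosts' unicast, i.e. the port is a real monitor port.
    The threshold tolerates the occasional unknown-unicast flood on a plain switch port."""
    counts = mirror_report(lines, sensor_mac)
    total = sum(counts.values())
    return total > 0 and counts["foreign"] / total >= min_share

SENSOR = "02:00:00:00:00:99"             # constructed sensor NIC address
# Constructed capture on an ordinary switch port: only broadcasts and own traffic.
PLAIN_PORT = [
    "12:00:00.000001 02:00:00:00:00:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 192.0.2.1 tell 192.0.2.10",
    "12:00:00.200000 02:00:00:00:00:99 > 02:00:00:00:00:50, ethertype IPv4 (0x0800), length 98: 192.0.2.99.22 > 192.0.2.50.40022: tcp 32",
    "12:00:01.000000 02:00:00:00:00:01 > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 60: 192.0.2.1 > 224.0.0.1: igmp query",
]
# Constructed capture on a hub, SPAN destination or tap: server <-> router unicast is visible.
MONITOR_PORT = PLAIN_PORT[:1] + [
    "12:00:02.000000 02:00:00:00:00:01 > 02:00:00:00:00:10, ethertype IPv4 (0x0800), length 74: 198.51.100.7.51812 > 192.0.2.10.443: tcp 0",
    "12:00:02.000300 02:00:00:00:00:10 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 74: 192.0.2.10.443 > 198.51.100.7.51812: tcp 0",
    "12:00:02.000900 2:0:0:0:0:20 > 2:0:0:0:0:1, ethertype IPv4 (0x0800), length 1514: 192.0.2.20.25 > 198.51.100.9.40100: tcp 1448",
]

if __name__ == "__main__":
    for name, cap in (("plain port", PLAIN_PORT), ("monitor port", MONITOR_PORT)):
        print(name, dict(mirror_report(cap, SENSOR)), sees_mirrored_traffic(cap, SENSOR))
```

A capture dominated by "flood" and "own" frames means the sensor is on an ordinary switch port and Snort would miss the server traffic.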
All times are GMT.