July 29th, 2002, 05:34 PM
spoof/sniff on a switched network
I'm trying to find a way to prevent ARP spoofing and sniffing on my switched network and generally secure it.
After some personal research I came to the result of: buy an IDS and some sensors... (or convince my management that BSD and Snort will be able to do what we need atm, but I've close to no hope on this one).
Maybe some of you have good ideas/practices/software I can use; some info on my setup:
- fully switched network,
- Cisco devices only (2924 --> 4006),
- VLANs used and deployed, so is VTP (...meaning the private VLAN feature from Cisco is a no-no for me).
Also, hardcoding the MAC address per port will give me nothing against the sniffing.
Thanks in advance.
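Whatever sensor ends up watching the VLANs (a commercial IDS, Snort's arpspoof preprocessor, or arpwatch), the core detection logic is the same: learn or pin the IP-to-MAC mapping for each host and alert when a later ARP packet claims a different MAC for the same IP. The following is an added example written for this thread, not code from any poster or product; it parses raw Ethernet/ARP frames, keeps a mapping table, and flags conflicts, with the gateway pinned so a forged reply can never overwrite it. All addresses and frames are constructed for the demo.

```python
"""arpwatch-style ARP-spoof detection over constructed Ethernet/ARP frames.

Added example; assumes a SPAN/mirror port or sensor feeds raw frames to
ArpMonitor.observe(). Addresses below are made up for the demo.
"""
import struct

ETH_HDR = struct.Struct("!6s6sH")               # dst MAC, src MAC, ethertype
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")        # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip, target_mac, target_ip) or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, _src, etype = ETH_HDR.unpack_from(frame, 0)
    if etype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    return op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa)


class ArpMonitor:
    """Tracks IP -> MAC bindings and alerts when a binding changes."""

    def __init__(self, static=None):
        self.table = dict(static or {})       # pinned entries (gateway, servers) seed the table
        self.pinned = set(self.table)
        self.alerts = []

    def observe(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        op, sha, spa, _tha, _tpa = parsed
        # Requests and replies both carry a sender binding, so both are learned.
        known = self.table.get(spa)
        if known is None:
            self.table[spa] = sha
            return None
        if known == sha:
            return None
        severity = "pinned-host" if spa in self.pinned else "flip"
        alert = f"{severity}: {spa} moved from {known} to {sha} (arp op {op})"
        self.alerts.append(alert)
        if spa not in self.pinned:                # a legitimate NIC swap updates the table
            self.table[spa] = sha                 # a pinned host never does
        return alert


def build_arp(op, sha, spa, tha, tpa) -> bytes:
    """Construct a minimal Ethernet/ARP frame (demo input only)."""
    sha_b = bytes.fromhex(sha.replace(":", ""))
    tha_b = bytes.fromhex(tha.replace(":", ""))
    spa_b = bytes(int(o) for o in spa.split("."))
    tpa_b = bytes(int(o) for o in tpa.split("."))
    dst = tha_b if op == ARP_REPLY else b"\xff" * 6
    return ETH_HDR.pack(dst, sha_b, ETHERTYPE_ARP) + ARP_HDR.pack(1, 0x0800, 6, 4, op, sha_b, spa_b, tha_b, tpa_b)


# Constructed addresses for the demo.
GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "00:11:22:33:44:01"
HOST_IP, HOST_MAC = "10.0.0.20", "00:11:22:33:44:20"
ROGUE_MAC = "00:de:ad:be:ef:99"


def run_demo() -> ArpMonitor:
    """Feed a short constructed capture through the monitor and return it."""
    mon = ArpMonitor(static={GATEWAY_IP: GATEWAY_MAC})
    frames = [
        build_arp(ARP_REQUEST, HOST_MAC, HOST_IP, "00:00:00:00:00:00", GATEWAY_IP),  # normal lookup
        build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),            # genuine reply
        build_arp(ARP_REPLY, ROGUE_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),              # forged gateway reply
        b"\x00" * 60,                                                                # non-ARP noise
    ]
    for f in frames:
        mon.observe(f)
    return mon


if __name__ == "__main__":
    for a in run_demo().alerts:
        print(a)
```

The pinned table is the important design choice: for the gateway and other critical hosts the sensor should treat any conflicting binding as an alert and never relearn it, whereas for ordinary workstations a single change may be a NIC swap and only repeated flips are worth paging on. The same logic is what commercial sensors run; the difference is mostly in where the mirror port sits so the sensor sees every VLAN's ARP traffic.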
July 29th, 2002, 06:01 PM
Just pop Snort on BSD and you are all set. It works fine with switches and routers that are in place. Just put it on your pipe to the outside world and you'll be all set.
July 30th, 2002, 01:41 PM
Well, thanks, but this doesn't apply to my setup sadly.
- Big boss is against *BSD and the whole open-source concept; he prefers nothing to a BSD with Snort... stupid, but well, he's the boss.
July 31st, 2002, 06:57 AM
Just don't tell him that it's BSD. You can give the big spiel and show him the web front end. He'll not know the difference. Also you can collect some pingas towards the xmas piss up.
....attempting constantly to find a place where learning is no longer necessary
July 31st, 2002, 12:47 PM
I will be posting a tut soon that I am working on now, "installing Snort on Win2k"; maybe he would go for that? I have been using it for a few weeks and it seems to work well.
just making some minor adjustments to your system....