How does Snort work in a switched network? What are some good ways to set up Snort on a network that uses multiple switches and has several subnets?
It doesn't really unfortunately...
Possibilities are pretty much limited to using port mirroring (SPAN ports), "splicing in" on an uplink/trunk with a hub...
Ammo
Hmm, then is there any good IDS software that will work in a switched environment?
Well, it's more a limitation of the concept of NIDS vs switching...
Only *true* solution is to have the IDS integrated into the switch, like on some Cisco Catalysts...
Ammo