From owner-freebsd-questions Thu May 31 11: 3: 5 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.nic.mx (mail.nic.mx [200.23.1.17]) by hub.freebsd.org (Postfix) with ESMTP id 72E8737B422 for ; Thu, 31 May 2001 11:03:01 -0700 (PDT) (envelope-from 00540562@academ01.maz.itesm.mx) Received: from hp.academ01.maz.itesm.mx (hp.nic.mx [200.33.1.5]) by mail.nic.mx (8.9.3/8.9.3) with ESMTP id NAA25037 for ; Thu, 31 May 2001 13:00:14 -0500 (CDT) Message-Id: <5.1.0.14.0.20010531125730.00ab9928@pop3.norton.antivirus> X-Sender: 00540562%academ01.maz.itesm.mx/webmail.rzp.itesm.mx@pop3.norton.antivirus X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 31 May 2001 13:03:11 -0500 To: freebsd-questions@FreeBSD.ORG From: Usgado Lopez <00540562@academ01.maz.itesm.mx> Subject: Snort and CISCO router Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This is cisco router question more than FreeBSD. I have the following configuration in my Cisco router. serial 0 (ISP) serial 1 (ISP) (Multihomed) Fastethernet0 (LAN) Fastethernet1 (LAN) Fastethernet3 (LAN) Fastethernet2 (free) I want to put a machine alone with snort in Fastethernet2 , is there any way in which all traffic that came from my two ISP's go to Fastethernet 2 to allow snort sniff and look for intrusion. (something like sending the same packet to two interfaces). I don't want to put a hub or something like that to allow snort to sniff the traffic. Please answer to my e-mail address I am not subscribe to the list. Thanks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message