From: "Dmitry S. Rzhavin"
Organization: Rostelecom
Date: Mon, 01 Jul 2002 21:24:28 +0400
To: mike.jablonski@abnamrousa.com, security@FreeBSD.ORG
Subject: Re: snort + vlans

mike.jablonski@abnamrousa.com wrote:
>
> you need to enable the span port feature.
>

Sorry, it seems my explanation was too bad.

I have an internal FW. It is connected to a cat2924 with xl0 at 100Mbit. The switch port is in trunk mode. There are 2 vlans on xl0: vlan0 and vlan1. There is no ip on xl0. My default router (cisco 26XX) is in vlan0 (trunk too). My office subnet is on vlan1 (all office hosts are configured as vlan 1 on the switch). So, my box works as router+FW between vlan0 and vlan1. Now it works.

So, I want to set up snort to detect attacks. What iface (xl0, vlan0, or what) shall I bind snort to (snort -i flag) to make it analyze both internal and external traffic?

Another question is: cisco detects vlans with the vtp protocol. Does FreeBSD support it?