Date: Mon, 1 Jul 2002 15:01:16 -0400 (EDT)
From: Kenneth Smith <kennsmit@gcfn.org>
To: dima@rt.ru
Cc: security@FreeBSD.ORG
Subject: Re: snort + vlans
Message-ID: <27779.199.125.55.250.1025550076.squirrel@www.gcfn.org>
In-Reply-To: <3D20904C.8AF8703C@rt.ru>
References: <3D20904C.8AF8703C@rt.ru>

Dmitry:

Have you looked at the IOS "port monitor" command? It is not clear what you are referring to when you say "my box," but I would be careful if you are using VLANs to separate your unsecured and secured LANs.

ks

> mike.jablonski@abnamrousa.com wrote:
>>
>> you need to enable the span port feature.
>>
>
> Sorry, seems my explanation was too bad.
> I have internal FW. It is connected to cat2924
> with xl0 at 100Mbit.
> Switch port is in trunk mode.
> There are 2 vlans on xl0: vlan0 and vlan1.
> There is no ip on xl0.
> My default router (cisco 26XX) is in vlan0 (trunk too).
> My office subnet is on vlan1 (all office hosts
> configured as vlan 1 on switch).
>
> So, my box works as router+FW between vlan0 and vlan1.
> Now it works.
>
> So, I want to set up snort to detect attacks.
> What iface (xl0, vlan0, or what) shall I bind snort
> (snort -i flag) to make it analyze both internal
> and external traffic?
>
> Another question is: cisco detects vlans with vtp
> protocol. Does FreeBSD support it?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message