Ryan,
<Apologies as this is off topic to bridging, but might be useful to some>
If the switches that you recently upgraded have management capabilities, they most likely will have the ability to set a single port into a monitoring mode. This effectively sends a copy of every packet going through the switch to the monitoring port as well. The rest of the devices connected to the switch will continue to benefit from the switch, but the specific monitor port will allow you to receive every packet, allowing your IDS to function the way you want.
If you have more than one switch that you want to monitor, the design starts to get a little more tricky, but this should get you started.
Chris Paalman
> From: Ryan McConigley < >
> Subject: [Bridge] Bridges and IDS
>
> Hi all, I've been running a bridging firewall now for about six months
> (works great) and now I'm working on setting up an IDS (Intrusion Detection
> System) just to be on the safe side. I'm new to this aspect of network
> security so have been reading up on it.
>
> Most of the docs recommend putting an IDS box onto a hub so it can
> monitor all the packets sent to the hub. Great, that works fine, but we've
> recently upgraded to a fully switched network. If I plug an IDS box into
> that I only get stuff sent to that port on the switch, which is limited in
> its usefulness.
>
> So, I thought, why not set up a bridge between two switches and use that
> as an IDS.
>
> Does this sound reasonable to people and has anyone else tried it or are
> there any pointers/ideas on it in general?
>
> Thanks,
> Ryan.
> --
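Added example (not part of the list thread, and not code from either poster): a small Python model of a learning switch with an optional mirror (SPAN) port. It shows concretely why an IDS on an ordinary switch port only sees broadcasts, unknown-unicast floods and frames addressed to itself, and why mirroring every port to the monitor port restores the hub-style full view Ryan is after. Port names (fa0/1 etc.), MAC addresses and the four-frame conversation are made up for the example; the assumption that the mirror destination port is excluded from normal forwarding matches how most managed switches treat a SPAN destination, but check your switch's documentation.

```python
"""Model of a learning switch, with and without a mirror (SPAN) port.

Example code added to the thread, not from the original posters. Port names,
MAC addresses and the traffic below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    note: str  # human-readable label for the frame


@dataclass
class LearningSwitch:
    """Transparent learning switch. If monitor_port is set, every frame that
    enters the switch is also copied to that port, and the port is kept out
    of normal forwarding (assumed behaviour of a SPAN destination)."""
    ports: List[str]
    monitor_port: Optional[str] = None
    mac_table: Dict[str, str] = field(default_factory=dict)   # MAC -> port
    seen: Dict[str, List[Frame]] = field(default_factory=dict)  # port -> frames delivered

    def __post_init__(self) -> None:
        for p in self.ports:
            self.seen[p] = []

    def forwarding_ports(self, ingress: str) -> List[str]:
        """Ports eligible for normal forwarding: not the ingress port and
        not the mirror destination."""
        return [p for p in self.ports if p != ingress and p != self.monitor_port]

    def receive(self, ingress: str, frame: Frame) -> None:
        self.mac_table[frame.src] = ingress  # source-address learning
        candidates = self.forwarding_ports(ingress)
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            egress = candidates                      # flood broadcast / unknown unicast
        else:
            learned = self.mac_table[frame.dst]      # known unicast: one port only
            egress = [learned] if learned in candidates else []
        for p in egress:
            self.seen[p].append(frame)
        if self.monitor_port is not None:
            self.seen[self.monitor_port].append(frame)  # SPAN copy of every frame


def run_conversation(mirror: bool) -> List[Frame]:
    """Host A on fa0/1 talks to host B on fa0/2; the IDS sits on fa0/3.
    Returns the frames the IDS port actually received."""
    ports = ["fa0/1", "fa0/2", "fa0/3"]  # hypothetical port names
    sw = LearningSwitch(ports, monitor_port="fa0/3" if mirror else None)
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"  # made-up MACs
    traffic = [
        ("fa0/1", Frame(a, BROADCAST, "ARP who-has B")),  # flooded: IDS sees it
        ("fa0/2", Frame(b, a, "ARP reply")),              # A is known: fa0/1 only
        ("fa0/1", Frame(a, b, "TCP SYN")),                # B is known: fa0/2 only
        ("fa0/2", Frame(b, a, "TCP SYN/ACK")),            # fa0/1 only
    ]
    for ingress, frame in traffic:
        sw.receive(ingress, frame)
    return sw.seen["fa0/3"]


if __name__ == "__main__":
    for mirror in (False, True):
        label = "mirror port" if mirror else "plain port"
        notes = [f.note for f in run_conversation(mirror)]
        print(f"IDS on {label} saw {len(notes)} of 4 frames: {notes}")
```

Without mirroring the IDS sees only the initial broadcast; once the switch has learned both MACs, the unicast exchange goes straight between fa0/1 and fa0/2 and the IDS port gets nothing, which is exactly the "only stuff sent to that port" problem in the original question. With the mirror port configured it sees all four frames. The model also shows a practical caveat: the mirror port carries a copy of traffic from every port, so on a busy switch it can be oversubscribed and drop frames before the IDS ever sees them.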
