James, The sensors need to send the alarm data from the Management Interface(NIC) to the collection database. If the sensors are picking up a large amount of data, this could be very noisy on the network segment. One way to set this up, is to place the Management interface on a separate network. This will prevent the data from flooding your production networks.
Donald 'Scott' Allen Security Customer Advocate SBC Data Services Customer Care - Security 210-886-4493 | [EMAIL PROTECTED] This e-mail and any files transmitted with it are the property of SBC Communications and/or its affiliates, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender at 210-886-4493 and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited." -----Original Message----- From: Mohr James [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 6:52 AM To: [EMAIL PROTECTED] Subject: [ISSForum] Confusion about behaviour of Network Sensor Hi All! Please forgive the very newbie questions, but as the subject implies I am confused about the behavior of the Network Sensor. From what I have read, it seems that the network sensor is more or less passive. That is, it simply reads the network packets looking for problems. This is in contrast to the Internet Scanner which **actively** scans the network (i.e. port scans). (From the doc: "The network sensor monitors network packets to detect attacks or other security-related events.", and later "If you scan this network with Internet Scanner,...") One reason I am asking (other than to learn more about the system) is that my boss said that the reason we have not implemented the network sensors is that they cause too much traffic on the network, which contradicts what I understand. So, I guess the big question as to whether or not the Network Sensor causing traffic problems on the network. Any help is greatly appreaciated. Regards, Jim Mohr ELAXY Brokerage & Trading GmbH & Co KG _________________________________ James Mohr Systembetrieb Am Hofbr�uhaus 1 96450 Coburg Germany Fon +49 (0) 95 61.55 43.0 Fax +49 (0) 95 61.55 43.302 E-Mail: [EMAIL PROTECTED] --------------------------------------- "Be more concerned with your character than with your reputation. Your character is what you really are while your reputation is merely what others think you are." -- John Wooden --------------------------------------- Be sure to visit the Linux Tutorial: http://www.linux-tutorial.info _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
