Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

R: [ISSForum] Network sensor and clustering

from [Damonte Luca] Network Security [Permanent Link]
Subject: R: [ISSForum] Network sensor and clustering
Date: Thu, 4 Nov 2004 17:13:47 +0100 
To obtain the probe to monitor both fw:

You have to implement a Remote Span session, creating a vlan on which
monitored ports replicate traffic, like the example (using CatOS):


switch #1
# switch port analyzer
# source ports replicate traffic on vlan99 ****************************
set rspan source 4/3,4/4 99 both multicast enable create 


switch #2
# switch port analyzer
# you define source ports replicate traffic towards vlan99
****************************
set rspan source 4/31,4/33 99 both multicast enable create
# then you define the destination port (probe port) that monitors trafic
from vlan 99 **********
set rspan destination  4/48  99  inpkts disable learning enable create 


...then you plug the probe nic on switch #2, port 48 to monitor vlan99
traffic!


Bye!
Luca Damonte

-----Messaggio originale-----
Da: Aubin,Yves [mailto:yves.aubin@surete.qc.ca]
Inviato: mercoledì 27 ottobre 2004 16.44
A: issforum@iss.net
Oggetto: [ISSForum] Network sensor and clustering


Hi list,

 

We are currently looking at a solution that involves putting our
firewalls 

in cluster with 2 cisco switches, one for each firewall in the cluster
to 

create some load balancing at the same time.

We want to put the switches on a spanning tree and connect the
RealSecure 

Network Sensor on only 1 of those switches.

 

Has anybody ever attempted something like this, is this feasable and if
so 

is there any issues with the sensor!!!

 

Thanks

 

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • R: [ISSForum] Network sensor and clustering, Damonte Luca <=
Previous by Date:  Re: [ISSForum] Query Regarding RSKILL Option, Sergey V Soldatov
Next by Date:  RE: [ISSForum] Query Regarding RSKILL Option, priyank
Previous by Thread:  [ISSForum] Query Regarding RSKILL Option, priyank
Next by Thread:  [ISSForum] Problems with Database Scanner and Sybase, Hernandez, Marco
Indexes:  [Date] [Thread] [Top] [All Lists]