I want to deploy a Snort IDS in the network, with passive taps in
front of and behind my m0n0wall firewall, which runs on a Soekris
net4801 w/ lan1621 for a total of 5 network ports. I'll use a
separate server or two for Snort, but I don't want to deploy another
layer of potential failures by installing network hubs that I
wouldn't need otherwise. I also don't want to use my Snort server(s)
as bridges - I want my network to stay up even if the IDS hardware
I'm only using three of my five network ports on the m0n0/Soekris box
- can I set up the other two ports so that they mirror LAN & WAN
traffic? If so, how?
Any help would be appreciated.
Cernio Technology Cooperative
graham dot freeman at cernio dot com