NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > IDS-list> 2000-q1

Subject: Re: IDS: Taps
From: Jackie Chan (blue0neigloo.org)
Date: Wed Mar 29 2000 - 07:06:51 CST

Next message: Chad Harrington: "RE: IDS: IDS for Win2k"
Previous message: Ron Gula: "Re: IDS: a novice question. -reply"
In reply to: Lodin, Steven {IT 4~Indianapolis}: "IDS: Taps"
Reply: Jackie Chan: "Re: IDS: Taps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
-----------------------------------------------------------------------------
Steven,

If the link being monitored is full duplex, than a HUB will appear to
work, but however there will be collisions on the "4 port" tap variant. I
cannot speak for taps other than shomiti. All questions you have asked
will be well answered by the document located at
http://www.secur-e.com/files/ShomitiTap.pdf

This paper was written after installing a "Tap Architecture" on three very
large networks. There is much experience backing it up, and it is not
very theoretical at all.

Cheers ,
blue0ne

On Wed, 29 Mar 2000, Lodin, Steven {IT 4~Indianapolis} wrote:

> Sometime in the next couple of months we are changing our Internet/DMZ
> architecture from shared 10Mbit to switched 100 Mbit. I've been watching
> the discussion on taps with great interest.
>
> There are at least three vendors:
>
> Shomiti - http://www.shomiti.com
> ODS - http://www.ods.com
> NetOptics - http://www.netoptics.com
>
> One of the gotchas with a tap, so I've been told, is that they have 4 ports.
> Two are dedicated to incoming/outgoing traffic. The other two are the taps
> off that traffic, one for each direction. Is this true of all taps in
> general? From what I understand, there are two solutions to using one
> network detector to watch both incoming and outgoing traffic, pull both
> ports into a hub or into a switch. In theory, a switch should be used
> because of CSMA/CD? In practice, what is being used?
>
> Are there any other gotchas with respect to taps?
>
> Thanks!
>
> Steve
>

Next message: Chad Harrington: "RE: IDS: IDS for Win2k"
Previous message: Ron Gula: "Re: IDS: a novice question. -reply"
In reply to: Lodin, Steven {IT 4~Indianapolis}: "IDS: Taps"
Reply: Jackie Chan: "Re: IDS: Taps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]