NFR Wizards Archive: Re: future of IDS

Re: future of IDS


Gigi Sullivan (sullivanseclab.com)
Fri, 16 Oct 1998 19:30:10 +0200 (CEST)


Hello to all ;)

On Thu, 15 Oct 1998, Colin Campbell wrote:

> Date: Thu, 15 Oct 1998 12:24:24 +1000 (EST)
> From: Colin Campbell <sgcccdccitec.qld.gov.au>
> To: firewall-wizardsnfr.net
> Subject: future of IDS
>
> Hi,
>
> (may show some ignorance here so be gentle :-)
>
> Our firewall sits between two networks. The "external" houses lots of
> internet-visible web servers, much as one would expect. The internal net
> houses intranet servers. Up until recently, these nets were just plain old
> hubs. They also suffered from consistent 10% collision rates. Everyone was
> hurting.
>
> Consequently, we replaced these hubs with switches. Network performance is
> great. No collisions, the machines that can talk at 100Mb do, all is well
> with the world. Well, almost. I tried snooping some traffic between two
> machines and when I saw nothing, the difference between hubs and switches
> suddenly dawned on me.
>
> Now, after all this preamble, I do actually have a question for the great
> minds to ponder. With the likelihood that more and more hubs are going to
> disappear and be replaced by switches, where does that leave the humble

Uhm why are you saying so? HUBs and switches are not really the same
things. Sometimes you need a HUB, sometimes you need a switch, imho.

> IDS that can no longer see all the traffic it needs to, to do its job?

I really don't remember the 'technical word', however you can configure a
switch's port to 'grab' all the traffic that passes through the other
ports, hence acting like a 'one port' HUB.

>
> Colin
>
>
>
>

Bye bye

                        -- gg sullivan

--
Lorenzo Cavallaro
Intesis SECURITY LAB            Phone: +39-2-671563.1
Via Settembrini, 35             Fax: +39-2-66981953
I-20124 Milano  ITALY           Email: sullivanseclab.com



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:57 CDT