OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Chris Green (cmguab.edu)
Date: Thu Jun 07 2001 - 13:19:34 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Dan Hollis <goemonanime.net> writes:
    >> the DS line of hubs from Netgear are Dual Speed, that is they have the two
    >> repeated channels, 100 and 10. If, as in your situation, your machines
    >> are all 100 (or even all 10) they you'll be fine with snort.
    >
    > Still waiting for someone to review the shomiti ethernet taps for use with
    > snort...
    >
    > -Dan

    Well depending on what you are doing, they are acceptable but I'm
    using them in conjunction with a hub ( actually 2 )

    inet
      |
    [router]
      |
    [ hub ] - shomiti - [ hub ] - monitoring devices
      |
    local

    The thing would be very nice is to drop it and replace the main hub
    portion but then you would break apart your RX/TX into 2 separate
    channels to monitor

    Shomiti's are designed like ( might have the monitor's swapped but
    i'm on vacation :> )

    inet -- -- local

    inet monitor -- local monitor

    so that you can see both sides of a 100mbit conversation

    Thats really great for being able to monitor troubles but IDS works
    best when you can see both sides at once at the same sensor. I've not
    tried unifying them at one hub yet but thats one risk prone possibilty. 

    -- 
Chris Green <cmguab.edu>
Laugh and the world laughs with you, snore and you sleep alone.

    _______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users