[unisog] Network taps for IDS
H. Morrow Long
morrow.long at yale.edu
Thu Nov 8 21:16:28 GMT 2001
See Finisar Systems in line taps and splitters:
They used to be part of Shomiti Systems.
- H. Morrow Long
Greg Francis wrote:
> I'm setting up a permanent Snort IDS and I would like to tap into various
> parts of the network that lie between the routers and switches. Currently, I
> mirror the inbound switch port to dump the traffic to the IDS box. However,
> since we can only mirror a port to one other port, we'd have to disable the
> mirror periodically to do diagnostics and sometimes it doesn't get switched
> back. It also adds overhead to the switch that I would rather avoid.
> What I'm wondering is if there is a splitter or tap that you can put on a
> CAT5 connection (both 10 and 100 Mbps) that would alleviate the need for me
> to mirror one of the ports. I've thought about putting a hub in between the
> two switches but that doesn't sound very appealing as a long-term solution.
> It can't do anything to degrade performance, increase hop counts, etc.
> I want to do this at multiple points in the network. All of the equipment is
> CAT5 and in secure locations.
> Any solutions out there?
> Greg Francis
> Sr. System Administrator
> Gonzaga University
> francis at gonzaga.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4243 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.dshield.org/pipermail/unisog/attachments/20011108/8a97ba8f/smime-0007.bin
More information about the unisog