
Security Basics mailing list archives

Inline IDS
From: Daniel Hood <dsmhood () gmail com>
Date: Mon, 23 Feb 2009 22:31:37 +1100

It seems I have decided on building an inline IDS. One of the ones
with an Ethernet tap. I just had two questions.

When people normally build Ethernet taps (with all the soldering and
such), what do they normally use? Is there a certain brand/model of
hub, or do they buy a 4-port patch panel? By Ethernet tap I mean one
of those things that looks like a 4-port patch panel, that's wired so
that the IDS can pick up traffic passively and without impeding
performance or creating a single point of failure.

Also, I'm going to be most likely using either FreeBSD + Snort + Base
or Debian + Snort + Base. Do I just need hogwash and/or snort_inline
as well, or some other setup/config changes? Are there any changes to
the Ethernet adapters' setup (or just leave them with no IP addresses
but up)?


Thanks guys,
Daniel

