Home page logo

basics logo Security Basics mailing list archives

Inline IDS
From: Daniel Hood <dsmhood () gmail com>
Date: Mon, 23 Feb 2009 22:31:37 +1100

It seems I have decided on building an inline IDS. One of the ones
with an Ethernet tap. I just had two questions.

When people normally build ethernet taps (with all the soldering and
such), what do they normally use? Is there a certain brand/model of
hub, or do they buy a 4-port patch panel? By ethernet tap I mean one
of those things, that looks like a 4-port patch panel, thats wired so
that the IDS can pick up traffic passively and without impeding
performance or creating a single point of failure.

Also, I'm going to be most likely using either FreeBSD + Snort + Base
or Debian + Snort + Base, do I just need hogwash and/or snort_inline
as well or some other setups/config changes? Are there any changes to
the ethernet adapters set up (or just leave them with no IP addresses
but up?)

Thanks guys,

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]