Firewall Wizards mailing list archives

Re: Shomiti Taps, Cisco Port Mirroring and IDS
From: Roelof JT Jonkman <roel () SiliconDefense com>
Date: Fri, 04 Jan 2002 10:46:54 -0800

Don,

Original
  Router-----Firewall
After
  Router----<P 1> Century TAP <Port 2>---Firewall
                  |         |
                 <P 3>    <P 4>
The vendors advised me that for the other 2 ports, I
was told that each port mirrored out one direction of
flow, e.g. Router ---> Firewall for Port 3 and
Firewall ---> Router for Port 4.

From the looks of things I would have to connect both
Port 3 and 4 to another hub and plug a network
IDS into that hub.

If the effective bandwidth between the router and the firewall doesn't
exceed the bandwidth of the hub. IOW, the aggregate of
the flow from the router to the firewall and the flow from the
firewall to the router cannot exceed the bandwidth of the hub,
otherwise you're losing packets in the hub.

If the aggregate exceeds the bandwidth of the hub, there are
various solutions, depending on the abilities of the IDS:
you can stick two interfaces in the IDS, and then there is
probably a variety of solutions with switches and port mirroring
that you can do. (Although those switches tend to get expensive.)



Roel Jonkman
Security Engineer
http://www.SiliconDefense.com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
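The capacity constraint Roel describes, and the two-interface alternative, as an added example that is not part of the original post or any vendor's code. A passive tap splits a full-duplex link into two one-way feeds (Port 3 = router to firewall, Port 4 = firewall to router). Recombining them on a hub puts both directions on one half-duplex medium, so the check has to be on the sum of the two directions per interval against the hub's line rate; with one IDS interface per tap port, each direction only has to fit its own link. The packet records, the 100 Mbit/s rates, and the one-second window below are constructed for illustration; `heapq.merge` is used to show the timestamp-ordered merge that a two-interface IDS effectively performs.

```python
"""Aggregate-bandwidth check for feeding a full-duplex tap into a half-duplex hub.

Added example, not code from the original post.  Each feed is a list of
(timestamp_seconds, frame_bytes, tap_port) records, constructed below.
"""
import heapq
from collections import defaultdict


def constant_rate_feed(tap_port, start_s, duration_s, bps, frame_bytes=1500):
    """Constructed feed: frames evenly spaced so the interval carries `bps`."""
    n = int(bps * duration_s / (frame_bytes * 8))
    step = duration_s / n
    return [(start_s + i * step, frame_bytes, tap_port) for i in range(n)]


def aggregate_bps_per_window(feeds, window_s=1.0):
    """Sum every feed into {window_start: bits_per_second}.

    This is what a hub sees: all feeds plugged into it share one medium."""
    bits = defaultdict(int)
    for feed in feeds:
        for ts, nbytes, _port in feed:
            window = int(ts // window_s) * window_s
            bits[window] += nbytes * 8
    return {w: b / window_s for w, b in sorted(bits.items())}


def hub_oversubscribed_windows(feeds, hub_bps, window_s=1.0):
    """Windows in which router->firewall plus firewall->router exceeds the
    hub's line rate; in those windows the hub drops frames and the IDS is blind."""
    return [(w, bps) for w, bps in aggregate_bps_per_window(feeds, window_s).items()
            if bps > hub_bps]


def two_interface_ok(feeds, link_bps, window_s=1.0):
    """One IDS interface per tap port: each direction is checked against its
    own link alone, never against the other direction."""
    return all(bps <= link_bps
               for feed in feeds
               for bps in aggregate_bps_per_window([feed], window_s).values())


def merge_tap_feeds(*feeds):
    """Timestamp-ordered merge of the one-way feeds into a single bidirectional
    stream, which is what the IDS has to reconstruct when it captures on two
    interfaces.  Each input feed must already be sorted by timestamp."""
    return list(heapq.merge(*feeds, key=lambda rec: rec[0]))


# Constructed traffic: second 0 runs 60 Mbit/s each way, second 1 runs 30/40 Mbit/s.
HUB_BPS = 100e6   # assumed shared (half-duplex) hub rate
LINK_BPS = 100e6  # assumed per-direction link rate seen by each tap port
P3_FEED = (constant_rate_feed("p3", 0.0, 1.0, 60e6)
           + constant_rate_feed("p3", 1.0, 1.0, 30e6))
P4_FEED = (constant_rate_feed("p4", 0.0, 1.0, 60e6)
           + constant_rate_feed("p4", 1.0, 1.0, 40e6))


def summary():
    """Return (oversubscribed hub windows, two-interface fits?, merged frame count)."""
    feeds = [P3_FEED, P4_FEED]
    return (hub_oversubscribed_windows(feeds, HUB_BPS),
            two_interface_ok(feeds, LINK_BPS),
            len(merge_tap_feeds(*feeds)))


if __name__ == "__main__":
    over, fits, n = summary()
    print("hub drops in windows:", over)       # second 0: 120 Mbit/s on a 100 Mbit/s hub
    print("two-interface IDS fits:", fits)     # each direction stays under its link rate
    print("frames in merged stream:", n)
```

Note that the same traffic that saturates the hub in second 0 (two 60 Mbit/s directions on a 100 Mbit/s shared medium) fits comfortably when each tap port has its own IDS interface, which is the point of Roel's first alternative.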