Firewall Wizards: Re: Shomiti Taps, Cisco Port Mirroring and IDS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: Shomiti Taps, Cisco Port Mirroring and IDS

From: John Adams <jna () retina net>
Date: Sat, 5 Jan 2002 01:58:18 -0500 (EST)


I don't understand why you would ever need one of these devices if you
have the two switches on a VLAN and you have a span port enabled.

On the other hand, if you think you need another hub, perhaps you could
use two crossover cables in and out of the tap?

-john

On Thu, 3 Jan 2002, Don Ng wrote:

 Hello all, just need some assistance on the issue of
Shomiti taps. I have spoken to the vendors but they
had to check ...

 I am looking at their Century taps that comes with 4
ports.
 Two ports are used to place the device inline with
the segment to be monitored.

Original
  Router-----Firewall
After
  Router----<P 1> Century TAP <Port 2>---Firewall
                  |         |
                 <P 3>    <P 4>
The vendors advised me that for the other 2 ports, I
was told that each port mirrored out one direction
flow. Eg. Router --->Firewall for Port 3 and
Firewall---> Router for Port 4.

 From the looks of things I would have to connect both

Port 3 and 4 to another Hub and plugging an network
IDS into that hub.

 Router----<P 1> Century TAP <Port 2>---Firewall
                  |         |
                 <P 3>    <P 4>
                    |      |
                     HUB
                      |----NID-200

Is this the optimal way to put an inline tap.
Cisco port mirroring seems to work fine mirroing
multiple ports to a single port connected to an IDS.

Glad for any help and comments.












=====
A Nobel Peace Prize for Jim Henson,
 He bought laughter to a lot of people.

 PS: I work in www.Quantiqint.com so
 comments regarding CyberGuard FW, NFR Security, Network-1,
 might be judged to be biased.

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


--
J. Adams                                        http://www.retina.net/~jna

I'm not offened by the things that you say, 'cause it's such a predictable
way to wreak havoc / Talk. I need something to agree with at first / You
were right / I was wrong / Now does that make you happy?  --Lush


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

Re: Shomiti Taps, Cisco Port Mirroring and IDS, (continued)
- RE: Shomiti Taps, Cisco Port Mirroring and IDS franks (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Roelof JT Jonkman (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS John Adams (Jan 05)
  - Re: Shomiti Taps, Cisco Port Mirroring and IDS Don Ng (Jan 06)