Hi,
The network looks like this
----------                         ----------
| ROUTER | -------PPP fiber link---| ROUTER |
----------                         ----------
    |                                  |
----------                         ----------
| switch |                         | switch |
----------                         ----------
The constraints are as follows:
1) cannot mirror/span ports on the routers
2) cannot deploy NIDS at each switch
We are left with the only option of tapping the PPP link.
Raj
On Mon, 30 Aug 2004 10:30:42 -0400, Rob Shein <shoten_at_starpower.net> wrote:
> I would think you'd be better off deploying the NIDS at either end instead,
> adjacent to one of the routers. Anything passing in between them (and not
> generated by one of them, obviously) would have to pass by that position
> anyways, would it not?
>
>
>
> > -----Original Message-----
> > From: Raj Malhotra [mailto:ral.mal_at_gmail.com]
> > Sent: Thursday, August 26, 2004 8:08 AM
> > To: focus-ids_at_securityfocus.com
> > Subject: serial-line protocols
> >
> >
> > Hi,
> >
> > We have two routers connected by fibre running a serial-line
> > protocol like PPP. If we need to deploy a NIDS running on a
> > linux-box having a 10/100/1000 ethernet card, would an
> > optical-tap with a protocol converter suffice?
> >
> > With a serial-line protocol would any synchronization at the
> > protocol converter be necessary?
> >
>
>
Received on Sep 01 2004