|
Intrusion Detection Systems
mailing list archives
Fwd: Re: Carrier/ISP Success Stories?
From: Dragos Ruiu <dr () v-wave com>
Date: Mon, 24 Jul 2000 23:12:53 -0700
Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
---------- Forwarded Message ----------
Subject: Re: IDS: Carrier/ISP Success Stories?
Date: Mon, 24 Jul 2000 19:50:02 -0700
From: Dragos Ruiu <dr () dursec com>
On Mon, 24 Jul 2000, Robert Graham wrote:
One problem for which I'm looking for a solution is finding how to tap into the
network in order to see the traffic. With Ethernet, it's easy: simply attach to
a span/mirror/monitor port on the switch or use a full-duplex tap for
connections between switches. However, lots of ISPs use an ATM fabric for their
backbones. I still don't know of any good solutions for tapping into this. Does
aanybody have any ideas/success-stories?
I have had success tapping ATM with 90%/10% optical splitters from RedHawk.
An optical signal strength meter is useful here to make sure you can get enough
signal on the 10% side if you don't get sync.
A far easier way to do it is at the switch. All the ATM switches I know of
have the ability to multicast VCs to multiple ports. So by making the PVCs
you are interested in multicast to a monitor port you should be able to
acheive what you need.
cheers,
--dr
--
dursec.com ltd. / kyx.net - we're from the future http://www.dursec.com
 By Date 
By Thread
Current thread:
| 
Intro
