IDS mailing list archives

Re: port bonding and taps


From: Bamm Visscher <bamm () satx rr com>
Date: Thu, 2 Oct 2003 11:16:40 -0500

I was just having a conversation about this yesterday. No one wants to use a hub in their network as it introduces 
latency/collisions/etc, but I've seen and heard of many implementing taps and IDS the way you mentioned. Just remember 
that when you do this, every time that collision light blinks on that hub, packets go into /dev/null never to be 
retransmitted again (although the intended recipient gets the original packet). Let's hope they are not ones your IDS 
needs to detect an intrusion.

Bammkkkk

On Thu, Oct 02, 2003 at 10:57:54AM -0400, Jeffrey.Stebelton () bisys com wrote:

What we have done is to set a 10 Mb Ethernet hub up near the tap and run
both tap ports into it. We then plug whatever sniffers you want into the
hub and you will see both sides of the traffic.

Jeff Stebelton
Manager, Network Security
BISYS Network Security Group
614-470-8249 direct
614-203-2563 cell
