IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: serial-line protocols

From: Raj Malhotra <ral.mal () gmail com>
Date: Tue, 31 Aug 2004 18:13:44 +0530
Hi,

The network looks like this

----------------------------------                               
----------------------------------
|       ROUTER             | -------PPP fiber link---|     ROUTER              |
----------------------------------                               
----------------------------------
       |                      |
------------------           ------------------  
| switch       |          | switch       |
------------------           ------------------

The constraints are as follows:
1) cannot mirror/span ports on the routers
2) cannot deploy NIDS at each switch

we are left with the only option of tapping the PPP link. 

Raj 

On Mon, 30 Aug 2004 10:30:42 -0400, Rob Shein <shoten () starpower net> wrote:

I would think you'd be better off deploying the NIDS at either end instead,
adjacent to one of the routers.  Anything passing in between them (and not
generated by one of them, obviously) would have to pass by that position
anyways, would it not?




-----Original Message-----
From: Raj Malhotra [mailto:ral.mal () gmail com]
Sent: Thursday, August 26, 2004 8:08 AM
To: focus-ids () securityfocus com
Subject: serial-line protocols


Hi,

We have two routers connected by fibre running a serial-line
protocol like PPP. If we need to deploy a NIDS running on a
linux-box having a 10/100/1000 ethernet card, would an
optical-tap with a protocol converter suffice?

With a serial-line protocol would any synchronization at the
protocol converter be necessary?
Previous By Date Next
Previous By Thread Next

Current thread: