Intrusion Detection Systems mailing list archives
Re: RE: IDS taps in a switched network
From: rockie () apk net (R. Brockway)
Date: Fri, 29 Oct 1999 21:28:05 -0400 (EDT)
On Thu, 28 Oct 1999, David Newman wrote:
> Some switches have a "spy port" that allows traffic to be redirected. This is really no better than a monitor hanging off a single port, since only one port at a time can be monitored.

Not true. On Ciscos you can have a SPAN port, which is the "spy" port, but redirect entire VLANs to that port, not just traffic from one other port.

> None of these approaches are IDS-specific. What we *really* need is for some big switch maker to run IDS code on an ASIC inside their switch. Any switch makers listening?

Cisco (not to sound like an affiliate, 'cause I just use the equipment a lot) has been toying with a mini IDS (catches MAYBE 45 recon signatures) in IOS versions 12.0(5)T and greater with the Firewall Feature Set. It's not great, but it's a start, and that code can be easily written into their switches.

-rockie

--
R. Brockway
APK Net Systems Administrator
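As an added illustration that is not part of the original thread, the following shows what the VLAN-wide SPAN session Brockway describes looks like on a Catalyst switch running IOS, with the sensor on a dedicated destination port, followed by the IOS Firewall Feature Set `ip audit` statements that turn on the router-based signature engine he mentions. The VLAN number, interface names, session number and audit rule name are assumptions; the syntax is the IOS `monitor session` and `ip audit` command families, with the CatOS `set span` form noted in a comment for the 1999-era Catalysts that did not run IOS.

```cisco
! --- Switch: mirror an entire VLAN to the IDS sensor port (IOS form) ---
! Assumed for this example: VLAN 10 is the segment to watch and
! GigabitEthernet0/24 is a port used only by the sensor.
monitor session 1 source vlan 10 both
monitor session 1 destination interface GigabitEthernet0/24
! CatOS equivalent on a Catalyst 5000/6000 of that era: set span 10 3/24
!
! Things to check before trusting what the sensor sees:
!  - A VLAN carries many ports' worth of traffic. If the aggregate exceeds the
!    destination port's line rate the switch drops mirrored frames and the IDS
!    silently misses packets; watch the output drops on the destination port.
!  - "both" mirrors RX and TX. With a VLAN source, a frame that enters on one
!    port in the VLAN and leaves on another is copied twice, so expect
!    duplicates in the sensor's capture.
!  - The destination port does not forward frames received from the sensor, so
!    alarms or resets cannot go out through it; give the sensor a separate
!    management NIC.
! Verify with: show monitor session 1
!
! --- Router: IOS Firewall Feature Set intrusion detection (12.0(5)T+) ---
! Assumed for this example: the audit rule is named IDS-EDGE and is applied
! inbound on Serial0/0, the external interface.
ip audit notify log
ip audit name IDS-EDGE info action alarm
ip audit name IDS-EDGE attack action alarm drop reset
!
interface Serial0/0
 ip audit IDS-EDGE in
!
! Verify with: show ip audit configuration
!              show ip audit statistics
```

The `info` class covers the reconnaissance signatures the post refers to and is left at alarm only, since dropping on recon noise mostly produces false positives; the `attack` class is the one where drop and reset are worth considering.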
Current thread:
- Re: Comparison of several IDS Vin McLellan (Oct 26)
- Re: Comparison of several IDS Herve DEBAR (Oct 27)
- IDS taps in a switched network mark.gandy () dowcorning com (Oct 27)
- Re: IDS taps in a switched network Jackie Chan (Oct 27)
- RE: IDS taps in a switched network David Newman (Oct 28)
- Re: RE: IDS taps in a switched network R. Brockway (Oct 29)
- RE: RE: IDS taps in a switched network David Newman (Oct 29)
- RE: RE: IDS taps in a switched network Jackie Chan (Oct 30)
- RE: RE: IDS taps in a switched network David Newman (Oct 30)
- RE: RE: IDS taps in a switched network (The right tools for the job) Ron Gula (Oct 31)
- <Possible follow-ups>
- RE: Comparison of several IDS pcafarchio () icsa net (Oct 26)
