Intrusion Detection Systems mailing list archives

RE: RE: IDS taps in a switched network

From: blue0ne () igloo org (Jackie Chan)
Date: Sat, 30 Oct 1999 15:50:19 -0400 (EDT)



Someone wrote:

Um, the spy port is just ONE port. So what happens when I define a VLAN
with, say, 24 ports and redirect all that traffic to one spy port? All those
packets ain't gonna fit through that one little narrow doorway. ;-)


That all depends on the aggregate bandwidth of the switch itself.  Lets
also remember that a 2924 switch has a 3.2 GB backplane.

To echo Rons post, the Shomiti Tap solution is probably the best way to
monitor traffic in a large enterprise.  It is best used in conjunction
with a 2900 switch.

Blue0ne

Current thread:

Re: Comparison of several IDS Vin McLellan (Oct 26)
- Re: Comparison of several IDS Herve DEBAR (Oct 27)
- IDS taps in a switched network mark.gandy () dowcorning com (Oct 27)
  - Re: IDS taps in a switched network Jackie Chan (Oct 27)
  - RE: IDS taps in a switched network David Newman (Oct 28)
    - Re: RE: IDS taps in a switched network R. Brockway (Oct 29)
    - RE: RE: IDS taps in a switched network David Newman (Oct 29)
    - RE: RE: IDS taps in a switched network Jackie Chan (Oct 30)
    - RE: RE: IDS taps in a switched network David Newman (Oct 30)
    - RE: RE: IDS taps in a switched network (The right tools for the job) Ron Gula (Oct 31)
- <Possible follow-ups>
- RE: Comparison of several IDS pcafarchio () icsa net (Oct 26)