Intrusion Detection Systems mailing list archives

Re: Fwd: Re: Carrier/ISP Success Stories?


From: Ron Gula <rgula () network-defense com>
Date: Tue, 25 Jul 2000 10:44:55 -0400


On Mon, 24 Jul 2000, Robert Graham wrote:
> One problem for which I'm looking for a solution is finding how to tap
> into the network in order to see the traffic. With Ethernet, it's easy:
> simply attach to a span/mirror/monitor port on the switch or use a
> full-duplex tap for connections between switches. However, lots of ISPs
> use an ATM fabric for their backbones. I still don't know of any good
> solutions for tapping into this. Does anybody have any
> ideas/success-stories?

We have a version of Dragon for FreeBSD 'working' on ATM although it is
not in production from NSW yet. The toughest part was getting the right
ATM cards. I think long term, convincing some network guys to drop in an
optical splitter into an OC-3 or OC-12 link will be difficult. If you
have a good switch, then spanning a port (like in a 5500) may work, but
it places a load on the box which is not needed. Hardware accelerated
switches like those from Alcatel or Cabletron could help if you are not
a Cisco shop.

Ron Gula
Network Security Wizards


