Snort mailing list archives

RE: Advice on the Network Infrastructure Side of IDS Design...


From: counter.spy () gmx de
Date: Thu, 25 Apr 2002 23:03:53 +0200 (MEST)

Wow, this one seems to be a request for a full-grown concept rather than a
special technical question. Buy a geek in a can... ;)

Well, I am still a newbie, but if you can offer me a job, I'll see what I
can do...
Sorry, sorry, just kidding, no flames ;)

To the first few questions:
Switches with gigabit backplanes should be capable of mirroring several Fast
Ethernet ports to one or more mirror ports, I have heard.

For the read-only and full-duplex stuff you can use network taps such as
those from Shomiti or Net Optics (does anybody know another vendor?).

I think the problem is that if you don't want to merge data streams by using
an additional switch for that purpose, you will somehow have to get the IDS
to do that merging itself, i.e. listening on two interfaces at the same time
for stateful analysis.
You could use channel bonding for the same purpose and let the IDS listen on
a bond (virtual) device.

Now that's all I know and I haven't yet tested all of it.
HTH

D. Liesen


-- 
GMX - The communication platform on the Internet.
http://www.gmx.net
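
The merging problem raised in the message above, as an added example that is not part of the original post: a full-duplex tap delivers each direction of the link on a separate interface, so a stateful sensor only sees a complete TCP handshake after the two streams are interleaved in time order. The packet tuples, addresses and the `track_handshakes` helper are constructed for illustration and assume both interfaces are timestamped from the same clock.

```python
import heapq

# Constructed sample: each tap output carries only one direction of the link.
# Tuples are (timestamp, src, dst, tcp_flags); addresses are documentation ranges.
CLIENT, SERVER = "192.0.2.10:40000", "198.51.100.5:80"
TAP_A = [  # client -> server half of the full-duplex link
    (0.000, CLIENT, SERVER, "S"),
    (0.020, CLIENT, SERVER, "A"),
    (0.021, CLIENT, SERVER, "PA"),
]
TAP_B = [  # server -> client half
    (0.010, SERVER, CLIENT, "SA"),
    (0.030, SERVER, CLIENT, "A"),
]

def merge_streams(*streams):
    """Interleave per-interface packet lists into one time-ordered stream."""
    return list(heapq.merge(*streams, key=lambda pkt: pkt[0]))

def track_handshakes(packets):
    """Minimal TCP handshake tracker; returns the final state per flow."""
    states = {}
    for _ts, src, dst, flags in packets:
        flow = tuple(sorted((src, dst)))  # same key for both directions
        state = states.get(flow, "NONE")
        if flags == "S" and state == "NONE":
            states[flow] = "SYN_SEEN"
        elif flags == "SA" and state == "SYN_SEEN":
            states[flow] = "SYNACK_SEEN"
        elif "A" in flags and "S" not in flags and state == "SYNACK_SEEN":
            states[flow] = "ESTABLISHED"
        else:
            states.setdefault(flow, state)  # packet does not advance the state
    return states

def flow_state(packets):
    """State of the single constructed flow after processing the packets."""
    flow = tuple(sorted((CLIENT, SERVER)))
    return track_handshakes(packets).get(flow, "NONE")

if __name__ == "__main__":
    print("tap A only:", flow_state(TAP_A))
    print("tap B only:", flow_state(TAP_B))
    print("merged    :", flow_state(merge_streams(TAP_A, TAP_B)))
```

A sensor listening on a bond device or on a switch that aggregates both tap outputs receives the equivalent of the merged stream; a sensor on only one tap output never leaves the half-open state.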




