Security Basics mailing list archives
Re: Inline IDS
From: Daniel Hood <dsmhood () gmail com>
Date: Thu, 26 Feb 2009 10:06:24 +1100
Thank you to everyone who answered this question. I now have a pretty good idea on how I'm going to build this thing.

Thanks,
Daniel
It seems I have decided on building an inline IDS. One of the ones with an Ethernet tap. I just had two questions.

When people normally build Ethernet taps (with all the soldering and such), what do they normally use? Is there a certain brand/model of hub, or do they buy a 4-port patch panel? By Ethernet tap I mean one of those things that looks like a 4-port patch panel, that's wired so that the IDS can pick up traffic passively and without impeding performance or creating a single point of failure.

Also, I'm going to be most likely using either FreeBSD + Snort + Base or Debian + Snort + Base. Do I just need hogwash and/or snort_inline as well, or some other setups/config changes? Are there any changes to the Ethernet adapters' setup (or just leave them with no IP addresses but up)?

Thanks guys,
Daniel