Firewall Wizards mailing list archives
RE: future of IDS
From: "Choi, Byoung" <bchoi () visa com>
Date: Fri, 16 Oct 1998 16:19:02 -0700
some alternatives i have looked into:

1. use switch's port mirroring (there's some issue regarding bandwidth though - how do you mirror multiple 100Mb/s ports into a single 100Mb/s port? i am not sure how switches deal with it)
2. choke the traffic into a single channel and sneak in a hub just for the purpose of sniffing
3. choke the traffic into a single channel and use a tap device

----------
From: Colin Campbell
Sent: Wednesday, October 14, 1998 7:24 PM
To: firewall-wizards () nfr net
Subject: future of IDS

Hi,

(may show some ignorance here so be gentle :-)

Our firewall sits between two networks. The "external" houses lots of internet-visible web servers, much as one would expect. The internal net houses intranet servers. Up until recently, these nets were just plain old hubs. They also suffered from consistent 10% collision rates. Everyone was hurting. Consequently, we replaced these hubs with switches. Network performance is great. No collisions, the machines that can talk at 100Mb do, all is well with the world.

Well, almost. I tried snooping some traffic between two machines and when I saw nothing, the difference between hubs and switches suddenly dawned on me.

Now, after all this preamble, I do actually have a question for the great minds to ponder. With the likelihood that more and more hubs are going to disappear and be replaced by switches, where does that leave the humble IDS that can no longer see all the traffic it needs to, to do its job?

Colin