Firewall Wizards mailing list archives
Re: The devil's in the details
From: czarcone () rpm com
Date: Thu, 22 Jul 1999 09:08:33 -0400
Tina,

Hmmm... The destination SPAN port receives a mirror of TX/RX/both traffic from another port. According to Cisco's literature, however, your SPAN port can simultaneously participate in another Vlan, including the same Vlan as the monitored port. With respect to the SPAN port, you can enable its normal inbound traffic in addition to any spanned mirror traffic, but Cisco doesn't say anything about outbound traffic. I've never tried it, so it might be worth a lab experiment or two...

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_4_5/config/span.htm

You could also get pretty creative with the physical cabling if you have your own raw materials and a crimping tool. You could create a custom three-way cable with the RX wiring connected to the SPAN port and the TX wiring connected to another port on your perimeter Vlan. I've done things similar to this in the past (mainly for a receive-only SYSLOG machine) but never tried it for IDS purposes. Might be worth ANOTHER lab experiment...

And I suppose we could just do away with SPAN ports altogether and use vampire taps (the ORIGINAL SPAN port :-). Of course, they have become a little more sophisticated than the days of Thickwire. At least one vendor I know of (Shomiti) makes a range of 10/100 inline taps... I still call them vampire taps, though...

Regards,

Chris

Christopher Zarcone
Network Security Consultant
RPM Consulting, Inc.
#include <std.disclaimer.h>

Tina Lamias <tina.lamias () motorola com> on 07/21/99 09:23:38 PM
To: Chris Zarcone/RPM@RPM
cc: firewall-wizards () nfr net
Subject: Re: The devil's in the details

Christopher,

But the 'span' does not allow you to send a reset to any *bad* connection attempt, does it?? I believe this is why we had to go with a hub in a certain instance...we could 'watch' but not 'act.'

--Tina