Re: Gig TAPs

["Talisker" <talisker () networkintrusion co uk>]

> Suffice it to say, however, that a tap is a tap is a tap, as far as I've
been able to tell.

If only it were that simple, when they are tested they need to be able to
cope with a variety of traffic, as Rob Shein eluded to in a previous post
".... Did they demonstrate it on a network using really large packets, with
all traffic of equal packet size and zero fragmentation?  Or was it on a
real network..... "

How does the tap deal with full duplex, does it rely on you coping with it
by providing 2 outputs or does it do it internally on the proviso that once
the network reaches it's capacity ie 100Mb/s in either one direction or
50Mb/s in both directions it drops packets.

Is there a fail safe, and almost as importantly does the fail safe kick in
instantly.

Then there are the minor issues, how sturdy are they, we had to return one
(nameless) because the power connector was loose, losing sensor data
everytime we went in the rack.

Overheating, the aircon failed, the servers all managed no problem but the
tap died first taking with it  the failsafe and therefore the network
connection.

Finally and fairly important for me, can I visibly demonstrate to network
owners that there is no transmit and therefore that I am not introducing a
firewall bypass.

One of the best I've seen was a hotch potch of fiber/ethernet media
converters (3) cobbled together, worked fine but proved expensive and a
nightmare finding sufficient power outlets.

Most important of all though is how bright the little LEDs can flash and how
many colors  ;o)

take care
-andy

Taliskers Network Security Tools
http://www.networkintrusion.co.uk
----- Original Message -----
From: "Peter Schawacker" <pschawacker () nfr com>
To: "'Bawcom, Aaron'" <aaron_bawcom () intrusion com>; "'Garritano,Robert'"
<Robert.Garritano () cna com>; "'Talisker'" <talisker () networkintrusion co uk>
Cc: <focus-ids () securityfocus com>
Sent: Monday, February 03, 2003 6:13 PM
Subject: RE: Gig TAPs



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My apologies.  I got Intrusion's tap's mixed up with another
Netoptics OEM deal.  Suffice it to say, however, that a tap is a tap
is a tap, as far as I've been able to tell.

Sorry, Aaron.  Didn't mean to cast aspersions on Intrusion.  The
company has some good products and terrific staff (I used to work
there :-)).

Mea culpa.

Peter

- -----Original Message-----
From: Bawcom, Aaron [mailto:aaron_bawcom () intrusion com]
Sent: Monday, February 03, 2003 10:08 AM
To: 'Peter Schawacker'; 'Garritano,Robert'
Cc: 'Talisker'; focus-ids () securityfocus com
Subject: RE: Gig TAPs


Not pointing the finger but just clarifying any ambiguity:

"Netoptics is actually the manufacturer of Intrusion's taps" --
False. I work at Intrusion and unless Netoptics 1) got the board
schematics 2) are manufacturing them for free 3) breaking into our
inventory and putting them in our boxes, then Netoptics has no tie to
the Intrusion taps. The Intrusion SecureNet IDS Taps were
specifically engineered for IDS applications. More info can be found
here (in addition to the URL below):
https://www.intrusion.com/products/downloads/TapPO_1102.pdf

- -----Original Message-----
From: Peter Schawacker [mailto:pschawacker () nfr com]
Sent: Friday, January 31, 2003 1:08 PM
To: 'Garritano,Robert'
Cc: 'Talisker'; focus-ids () securityfocus com
Subject: RE: Gig TAPs



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Netoptics is actually the manufacturer of Intrusion's taps.  I think I heard
that Netoptics makes taps for Finisar (formerly Shomiti) as well.  If all
taps are made by one company, then it's all about price and support.

http://www.netoptics.com/ http://www.finisar.com/product/product.start.php
http://www.intrusion.com/products/product.asp?lngProdNmId=39&lngCatId=4

I've seen taps used in dozens of deployments.  Never have I had problems
with them.

Peter Schawacker, CISSP
Senior Systems Engineer
NFR Security
43300 Warner Trail
Palm Desert, CA 92211
Office: 760-200-4258
Mobile: 760-221-2404

- - -----Original Message-----
From: Talisker [mailto:talisker () networkintrusion co uk]
Sent: Thursday, January 30, 2003 12:28 PM
To: Garritano,Robert; focus-ids () securityfocus com
Subject: Re: Gig TAPs


Robert
> Has anyone used gigabit TAPs in their network?  I currently use
> Finisar ehternet TAPs, but are looking for cost, model, etc for gig E
> TAPs.

I recently saw Intrusion Inc's Gigabit TAP demonstrated and it did the
business pretty well

- - -andy


Taliskers Network Security Tools http://www.networkintrusion.co.uk
- - ----- Original Message -----
From: "Garritano,Robert" <Robert.Garritano () cna com>
To: <focus-ids () securityfocus com>
Sent: Wednesday, January 29, 2003 5:38 PM
Subject: Gig TAPs


> Has anyone used gigabit TAPs in their network?  I currently use
> Finisar ehternet TAPs, but are looking for cost, model, etc for gig E
> TAPs.
>
> Thx
****************************************************************************
> This email is confidential and intended only for the stated
> addressee(s).
If
> you receive this in error, please inform us immediately and delete it
> and all copies from your system. Any unauthorized disclosure, use, or
> dissemination, either whole or partial, is prohibited. Any views or
opinions
> contained in this email are those of the author and are not
> necessarily endorsed by CNA, and the company cannot be held
> responsible for any
misuse.
> This email and its attachments are believed to be free of any virus,
> or defect, but it is the responsibility of the recipient to ensure
> this. CNA does not accept responsibility or liability for any loss or
> damage arising in any way from its receipt or use or for any errors or
> omissions in its contents which may arise as a result of its
> transmission.  This email is covered by CNA's Terms and Conditions of
> Business, a copy of which can be viewed on our website, or on request.
****************************************************************************
>

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPjrJfvZ0MWG5/LasEQJxJgCg8yWnlkIAbY5xlsLoFUZeRjOT7rcAoOoA
HQFcWZu84HmEshMWbKCHzCps
=gNyL
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPj6xZvZ0MWG5/LasEQIFcACgsfWaOjsf6XRvi8MfB2kwLw0BzLgAoJpN
aayIxBcCzqhEa4bXyRkMr086
=8x2p
-----END PGP SIGNATURE-----