IDS mailing list archives
Re: serial-line protocols
From: "Andy Cuff" <lists () securitywizardry com>
Date: Sat, 4 Sep 2004 08:44:47 +0100
Hi Raj,

From what you've said an optical tap is the way forward. The taps you
mention that only give you a portion of the light are probably entirely
passive "vampire taps" that remove some of the fiber cladding and use
refraction for their light source. The commercial active taps give a far
more reliable output. I have salient details on every tap on the market
here http://securitywizardry.com/taps.htm

Alternatively can you put one of your switches in span or mirror port
mode and see the data that way? Again I have listed the syntax for
performing this function for many of the common switches out there here
http://securitywizardry.com/switch.htm

Hope this helps
-andy cuff
Talisker's Computer Security Portal
Computer Network Defence Ltd
http://www.securitywizardry.com

----- Original Message -----
From: "Raj Malhotra" <ral.mal () gmail com>
To: "Vijayakumar.S" <vijay () nsecure net>
Cc: "Rob Shein" <shoten () starpower net>; <focus-ids () securityfocus com>; <mmcguirl () lucidsecurity com>
Sent: Wednesday, September 01, 2004 3:35 PM
Subject: Re: serial-line protocols

Hi,

----------------------------------                         ----------------------------------
|             ROUTER             | -------PPP fiber link---|             ROUTER             |
----------------------------------                         ----------------------------------
                |                                                          |
        ------------------                                         ------------------
        |     switch     |                                         |     switch     |
        ------------------                                         ------------------

We are not allowed to touch the left part of the diagram for any type of
deployment due to policies. We can deploy only on the outgoing link
which is PPP. If we deploy any of the optical taps, the tap only splits
the light wave to give us a portion of the raw data going on the link.
Our NIDS has an ethernet interface and hence we need a protocol
converter to convert from PPP to ethernet frames. How does the protocol
converter detect the IP frames before it can encapsulate it into an
ethernet frame and send out?

Raj
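
One way a PPP-to-Ethernet converter can pick IP datagrams out of the tapped byte stream, as an added example that is not part of the original thread or any vendor's code. It assumes RFC 1662 octet-stuffed HDLC-like framing with a 16-bit FCS and no header compression, and ignores any SONET/SDH layer or scrambling on the fiber; the function names and MAC addresses are made up for illustration.

```python
import struct

FLAG, ESC = 0x7E, 0x7D
PPP_IPV4, ETH_IPV4 = 0x0021, b"\x08\x00"
GOOD_FCS = 0xF0B8            # RFC 1662 residue when the FCS is run over data + FCS field

def fcs16(data):
    """RFC 1662 16-bit FCS, bitwise form (reflected polynomial 0x8408)."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def unstuff(chunk):
    """Undo octet stuffing: 0x7D means 'next octet XOR 0x20'."""
    out, escaped = bytearray(), False
    for byte in chunk:
        if escaped:
            out.append(byte ^ 0x20)
            escaped = False
        elif byte == ESC:
            escaped = True
        else:
            out.append(byte)
    return bytes(out)

def ppp_frames(stream):
    """Yield (protocol, payload) for every FCS-valid frame between 0x7E flags."""
    for chunk in stream.split(bytes([FLAG])):
        frame = unstuff(chunk)
        if len(frame) < 6 or fcs16(frame) != GOOD_FCS:
            continue                      # idle fill, runt, or corrupted frame
        if frame[:2] != b"\xff\x03":
            continue                      # assumption: address/control not compressed
        yield struct.unpack("!H", frame[2:4])[0], frame[4:-2]

def to_ethernet(stream, dst=b"\x02\x00\x00\x00\x00\x02", src=b"\x02\x00\x00\x00\x00\x01"):
    """Re-frame IPv4 datagrams for the sensor; MACs are made-up local addresses."""
    return [dst + src + ETH_IPV4 + payload
            for proto, payload in ppp_frames(stream) if proto == PPP_IPV4]

def sample_frame(proto, payload):
    """Build a constructed test frame (not captured traffic)."""
    body = b"\xff\x03" + struct.pack("!H", proto) + payload
    body += struct.pack("<H", fcs16(body) ^ 0xFFFF)
    stuffed = b"".join(bytes([ESC, b ^ 0x20]) if b in (FLAG, ESC) else bytes([b]) for b in body)
    return bytes([FLAG]) + stuffed + bytes([FLAG])
```

Frames carrying other protocol numbers, such as LCP (0xC021), never reach the sensor, so the NIDS sees only the IP traffic with a synthetic Ethernet header.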