IDS mailing list archives

Re: Sniffing split connections

From: Richard Bejtlich <taosecurity () gmail com>
Date: Wed, 13 Apr 2005 19:57:29 -0400

On 4/11/05, Chris Mills <securinate () gmail com> wrote:

Hi all-

Here's the problem I'm having:

I have a client site that has two physical connections from its ATM
switch that connect to two different providers.


Hi Chris,

Could you tap these two ATM links with two of these Net Optics products?

http://www.netoptics.com/products/product_family_details.asp?cid=1&pid=47&Section=products&menuitem=1

Then send the two sets of outputs to a single sensor, and bond those
four interfaces to a single virtual interface that you then monitor?

Richard

--------------------------------------------------------------------------
Stop hurting your network!

The NeVO passive vulnerability sensor continuously finds vulnerabilities,
applications and new hosts without the need for network scanning.
It also finds compromised systems with application-based intrusion detection.
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------

Current thread:

Sniffing split connections Chris Mills (Apr 13)
- Re: Sniffing split connections Richard Bejtlich (Apr 15)
- Re: Sniffing split connections Tony Carter (Apr 15)
- Re: Sniffing split connections rusty chiles (Apr 15)
  - Re: Sniffing split connections Chris Mills (Apr 15)
- Re: Sniffing split connections Adam Powers (Apr 20)
- <Possible follow-ups>
- RE: Sniffing split connections Geff Ambrose (Apr 15)
  - Re: Sniffing split connections Barrett G . Lyon (Apr 20)
- Re: Sniffing split connections Johann_van_Duyn (Apr 19)