Snort mailing list archives
RE: To TAP or HUB?
From: "Madziarczyk, Jonathan" <than () cityofevanston org>
Date: Thu, 19 Dec 2002 12:51:40 -0600
From my understanding....
Since you're only monitoring between the cable modem and the firewall, putting a hub in between the two is almost the exact same thing as putting a tap between.

As for the hacker... the only way that I can think of for him to be able to access your IDS box would be to come through your firewall and access the internal NIC. No one should be able to even detect that you have the unassigned NIC sitting outside the firewall listening. If you were doing flexresp or something like that I guess it's conceivable that someone could figure out that you have an IDS.

Hope that helps, I'm sure someone will correct me if I missed/messed something.

JonM

-----Original Message-----
From: Carleton, Sam (SCI TW) [mailto:Sam_Carleton_TW () stercomm com]
Sent: Thursday, December 19, 2002 12:21 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] To TAP or HUB?

Folks,

I understand the point of using a TAP with an IDS, but is it a must? What is the drawback to simply using a HUB? I ask because a TAP is a bit much for the house, or at least right now.

My thought is this: I put a HUB between the cable modem and firewall. Then I plug in the second NIC of my IDS Server, but never assign an IP address. Then turn on snort to listen to that NIC.

Would that work? Would a hacker be able to get into the IDS Server? It is my understanding that the presence of the IDS would be known, but I can live with that right now. Are there any other drawbacks?

Sam

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
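
A check for the "second NIC with no IP address" setup discussed in this message, as an added example that is not part of the original thread: on current Linux an interface that is brought up usually gets an IPv6 link-local address automatically, so "never assign an IP" needs verifying. The interface name `eth1` and both `ip addr show` samples are constructed assumptions.

```shell
#!/bin/sh
# Added example: audits the text of `ip addr show dev <iface>` for a sniffing NIC.
# Assumptions: Linux iproute2 output format; eth1 is a hypothetical interface name.
# Hardening that produces the "hardened" state below:
#   ip link set dev eth1 up
#   ip link set dev eth1 arp off
#   sysctl -w net.ipv6.conf.eth1.disable_ipv6=1

# Reads `ip addr show` text on stdin; returns 0 if no address is bound, else 1.
audit_sniff_iface() {
    awk '
        NR == 1 {
            # The first line carries the flag list, e.g. <BROADCAST,NOARP,UP>
            if (match($0, /<[^>]*>/)) flags = "," substr($0, RSTART + 1, RLENGTH - 2) ","
            if (index(flags, ",UP,") == 0) {
                print "FAIL link is not UP, nothing will be captured"; bad = 1
            }
            if (index(flags, ",NOARP,") == 0) print "WARN ARP is enabled on this interface"
        }
        $1 == "inet"  { print "FAIL IPv4 address assigned: " $2; bad = 1 }
        $1 == "inet6" { print "FAIL IPv6 address assigned: " $2; bad = 1 }
        END { if (!bad) print "OK no addresses assigned"; exit bad + 0 }
    '
}

# Constructed sample: interface brought up with no IPv4 address, defaults otherwise.
sample_default() { cat <<'EOF'
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ff:fe00:1/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# Constructed sample: same interface after the hardening commands above.
sample_hardened() { cat <<'EOF'
3: eth1: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
EOF
}

echo "default:";  sample_default  | audit_sniff_iface || true
echo "hardened:"; sample_hardened | audit_sniff_iface || true
# Live use: ip addr show dev eth1 | audit_sniff_iface
```
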
Current thread:
- To TAP or HUB? Carleton, Sam (SCI TW) (Dec 19)
- <Possible follow-ups>
- RE: To TAP or HUB? Henning, David (Dec 19)
- RE: To TAP or HUB? Frank Knobbe (Dec 19)
- RE: To TAP or HUB? Madziarczyk, Jonathan (Dec 19)
- RE: To TAP or HUB? Shane Hickey (Dec 19)
- RE: To TAP or HUB? Eric Joe (Dec 19)
- RE: To TAP or HUB? Shane Hickey (Dec 19)
- RE: To TAP or HUB? Matt Kettler (Dec 19)