Snort mailing list archives
How Safe: Construction and Use of a Passive Ethernet Tap
From: "bwood-lists" <bwood-lists () vertex com>
Date: Thu, 5 Feb 2004 14:55:40 -0600
I've built the passive Ethernet tap as described by http://www.snort.org/docs/tap/. It works great, or at least as advertised. I have some concerns about how safe this design is/might be. Right now it's hooked up to equipment that is expendable, but I have some concerns about hooking this up to real equipment that is not expendable. Specifically, I'm worried about problems resulting from the signal not being isolated (or at least, I'm relying on the NICs isolation), and (potential) signal degradation. (For example, do I need to worry about how far away the IDS NICs are from the tap/total length of the runs)? Commercial solutions don't appear to be at the point of being a commodity item. I've seen many solutions from companies I've never heard. Pricing seems to be from a few hundred dollars/port to "call us". Even the recommendations I've seen here and at snort.org don't really give specific model numbers (and/or fall into that mysterious "call us for pricing" category. So I'm not completely sure what to buy if we go the commercial route. Suggestions, Comments? ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How Safe: Construction and Use of a Passive Ethernet Tap bwood-lists (Feb 05)