How Safe: Construction and Use of a Passive Ethernet Tap

["bwood-lists" <bwood-lists () vertex com>]

I've built the passive Ethernet tap as described by
http://www.snort.org/docs/tap/. It works great, or at least as advertised. 

I have some concerns about how safe this design is/might be. Right now it's
hooked up to equipment that is expendable, but I have some concerns about
hooking this up to real equipment that is not expendable. Specifically, I'm
worried about problems resulting from the signal not being isolated (or at
least, I'm relying on the NICs isolation), and (potential) signal
degradation. (For example, do I need to worry about how far away the IDS
NICs are from the tap/total length of the runs)?

Commercial solutions don't appear to be at the point of being a commodity
item. I've seen many solutions from companies I've never heard. Pricing
seems to be from a few hundred dollars/port to "call us". Even the
recommendations I've seen here and at snort.org don't really give specific
model numbers (and/or fall into that mysterious "call us for pricing"
category. So I'm not completely sure what to buy if we go the commercial
route. 

Suggestions, Comments?



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users