Firewall Wizards mailing list archives
Re: future of IDS
From: David Lang <dlang () diginsite com>
Date: Fri, 16 Oct 1998 17:29:28 -0700 (PDT)
The problem with monitor port on switches is that if you have a fair size office the total bandwidth of traffic that goes through the switch can easily be higher than the speed of the port you are monitoring on (yes I know gigabit ports are now available, but even these can be overflowed, and what IDS even claims to be able to handle gigabit speeds?). Monitor ports may work at the lower end but not in larger settings where they are more likely to be desired.

David Lang

On Fri, 16 Oct 1998, Gigi Sullivan wrote:
> Date: Fri, 16 Oct 1998 19:30:10 +0200 (CEST)
> From: Gigi Sullivan <sullivan () seclab com>
> To: Colin Campbell <sgcccdc () citec qld gov au>
> Cc: firewall-wizards () nfr net
> Subject: Re: future of IDS
>
> Hello to all ;)
>
> On Thu, 15 Oct 1998, Colin Campbell wrote:
>
>> Date: Thu, 15 Oct 1998 12:24:24 +1000 (EST)
>> From: Colin Campbell <sgcccdc () citec qld gov au>
>> To: firewall-wizards () nfr net
>> Subject: future of IDS
>>
>> Hi,
>>
>> (may show some ignorance here so be gentle :-)
>>
>> Our firewall sits between two networks. The "external" houses lots of internet-visible web servers, much as one would expect. The internal net houses intranet servers. Up until recently, these nets were just plain old hubs. They also suffered from consistent 10% collision rates. Everyone was hurting. Consequently, we replaced these hubs with switches. Network performance is great. No collisions, the machines that can talk at 100Mb do, all is well with the world. Well, almost. I tried snooping some traffic between two machines and when I saw nothing, the difference between hubs and switches suddenly dawned on me.
>>
>> Now, after all this preamble, I do actually have a question for the great minds to ponder. With the likelihood that more and more hubs are going to disappear and be replaced by switches, where does that leave the humble
>
> Uhm, why are you saying so? HUBs and switches are not really the same things. Sometimes you need a HUB, sometimes you need a switch, imho.
>
>> IDS that can no longer see all the traffic it needs to, to do its job?
>
> I really don't remember the 'technical word', however you can configure a switch's port to 'grab' all the traffic that passes through the other ports, hence acting like a 'one port' HUB.
>
>> Colin
>
> Bye bye
>
> -- gg sullivan
>
> --
> Lorenzo Cavallaro
> Intesis SECURITY LAB      Phone: +39-2-671563.1
> Via Settembrini, 35       Fax: +39-2-66981953
> I-20124 Milano ITALY      Email: sullivan () seclab com