Firewall Wizards mailing list archives
RE: future of IDS
From: Doug Hughes <doug () Eng Auburn EDU>
Date: Sun, 18 Oct 1998 22:04:55 -0500 (CDT)
Not an ignorant question... Definitely a problem in a fair number of cases. Question: does every machine on your net have its own port on a hub? If so... then there is no easy answer. My general approach has been to have every port of a switch branch out to a hub (10 or 100MB depending on the machines on that segment), and have one port on each hub running back to a dedicated machine with as many NICs as necessary to monitor each segment. A possible alternative would depend on your machines running Windows (95, NT, or 98), and using Microsoft's Network Monitor which can monitor traffic on a remote machine that has the network monitor agent installed. Two questions for this crowd: 1) Anybody know of an equivalent remote packet dump/analysis program for unix?
What difference would there be between this and remotely logging into the machine and running tcpdump or snoop or whatever? That would seem to be more efficient than redirecting the entire packet stream back along the channel you are using.
2) With the reality of GB LAN networking nearing the mainstream, has anybody (switch vendor or other) speculated on having for example a 10/100MB switch that has a GB port that can spit out all traffic on all ports for monitoring? Would seem like an ideal solution for the security conscious.
I believe that most switch vendors do this already. I know that both 3Com and Cisco support this on some if not all of their switches. You select a port and replicate the traffic on it out another port.