IDS mailing list archives
Critical Tap Device vs Homebrew Tap
From: "jose b. chua" <jose () njneuromed org>
Date: Mon, 2 Feb 2004 12:17:24 -0500
In deploying an IDS I would like to have it monitor the traffic between the router and firewall using a passive ethernet tap. I found a construction guide for such a tap on the Internet by Michael Peters (http://www.snort.org/docs/tap/). I also found several devices, rackmount or boxed, for sale by several companies, the price range of which, for a single tap, runs nearly $400. Can someone please explain to me what the price differential is for?
From what I understand, the critical tap devices offer failover if the
tapping link goes dead. Now, I can modify the design in the guide to monitor the link and have a relay switch to bypass the tap route. Is there some additional functionality or protection the more expensive device offers? --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Critical Tap Device vs Homebrew Tap jose b. chua (Feb 02)
- <Possible follow-ups>
- Re: Critical Tap Device vs Homebrew Tap Richard Bejtlich (Feb 02)
- RE: Critical Tap Device vs Homebrew Tap jose b. chua (Feb 05)