Snort mailing list archives
NIDS in switched environments
From: counter.spy () gmx de
Date: Sat, 18 May 2002 15:49:02 +0200 (MEST)
Alright, since it's one of my favorate topics, and since I have found that questions regarding this topic are being asked with rising frequency, the following might be of interest for many of you :) Simon Edwards of Toplayer Networks has published an excellent paper on toplayer.com: "Vulnerabilities of Network Intrusion Detection Systems: Realizing and Overcoming the Risks" See www.toplayer.com in the "whitepapers" section. (note: I am in no way affiliated with or sponsored by Toplayer Networks ;-) ) In this paper Mr. Edwards adresses most of the problems that security staff will encounter when deploying NIDS in highly switched environments, e.g. switch port mirroring drawbacks, split up datastreams (they call it flows) when using network taps etc... Those topics will also be covered by my technical paper which will come out by September. Regarding network taps, Jeff Nathan's nifty tapping diagrams are available for download on the snort.org website. Greetings, Detmar -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net _______________________________________________________________ Hundreds of nodes, one monster rendering program. Now that's a super model! Visit http://clustering.foundries.sf.net/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- NIDS in switched environments counter . spy (May 18)