Re: Gbps Network Taps

["Mark W. Jeanmougin" <mark.jeanmougin () cchmc org>]

On 04/07/2011 06:04 AM, Joe Pampel wrote:
> We' using VSS.

We were using NetOptics iBypass taps (1 Gbit Copper & Fiber and 10 Gbit 
Fiber) to put our Sourcefire gear inline. They're horrible:
* They'll send out snmp traps saying "Port A Utilization is at 52%" WHO 
CARES!?!? (You can't turn these off. Further, you can fully saturate a 
line, and it won't send out a trap. It seems totally random)
* There's no good way to force a tap into "bypass" mode (to do 
maintenance on your snort sensor)
* They don't always send out snmp traps when they go into bypass mode. 
Or come out of bypass mode.

We just bought like $200k worth of Datacom systems taps. Hopefully, 
these will be better. The Networking guys did lots of research on these. 
It sounds like they work well with snmp & sending out info via syslog.

I'm the "IPS guy". The "networking guys" handle the taps.

MJ


------------------------------------------------------------------------------
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users