RE: Use of Taps for IDSFrom: Jason Baeder (firstname.lastname@example.org)
- Previous message: Samuel f. Stover: "[Fwd: Re: Use of Taps for IDS]"
- Maybe in reply to: robert_david_graham: "RE: Use of Taps for IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Feb 2002 10:43:17 -0800 (PST) From: Jason Baeder <email@example.com> To: firstname.lastname@example.org
To bring the conversation back to IDS: if the "switching-hub" operates
at Layer 3 how you gonna make it work with an IDS sensor which
traditionally has no IP on the interface that receives data (usually in
promiscuous mode)? And the analyze ports from the taps don't have IP
addresses either, for that matter.
After talking with Greg Shipley on the phone about this very same
subject nearly a year ago I began on using taps with Cisco Catalyst
2924 (now 295x). The ability to put several taps on the same switch,
each isolated to its own VLAN, each reporting data to its own sensor
(on its own monitor port) is well worth the additional expense.
Just my $.02
Do You Yahoo!?
Yahoo! Greetings - Send FREE e-cards for every occasion!