Re: serial-line protocols

• Previous message: Bamm Visscher: "Re: session logging IDS"
• Next in thread: Raj Malhotra: "Re: serial-line protocols"
• Maybe reply: Raj Malhotra: "Re: serial-line protocols"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 31 Aug 2004 18:13:44 +0530
To: Rob Shein <shoten@starpower.net>

Hi,

The network looks like this

----------------------------------
----------------------------------
| ROUTER | -------PPP fiber link---| ROUTER |
----------------------------------
----------------------------------
       | |
------------------ ------------------
| switch | | switch |
------------------ ------------------

The constraints are as follows:
1) cannot mirror/span ports on the routers
2) cannot deploy NIDS at each switch

we are left with the only option of tapping the PPP link.

Raj

On Mon, 30 Aug 2004 10:30:42 -0400, Rob Shein <shoten@starpower.net> wrote:
> I would think you'd be better off deploying the NIDS at either end instead,
> adjacent to one of the routers. Anything passing in between them (and not
> generated by one of them, obviously) would have to pass by that position
> anyways, would it not?
>
>
>
> > -----Original Message-----
> > From: Raj Malhotra [mailto:ral.mal@gmail.com]
> > Sent: Thursday, August 26, 2004 8:08 AM
> > To: focus-ids@securityfocus.com
> > Subject: serial-line protocols
> >
> >
> > Hi,
> >
> > We have two routers connected by fibre running a serial-line
> > protocol like PPP. If we need to deploy a NIDS running on a
> > linux-box having a 10/100/1000 ethernet card, would an
> > optical-tap with a protocol converter suffice?
> >
> > With a serial-line protocol would any synchronization at the
> > protocol converter be necessary?
> >
>
>

• Previous message: Bamm Visscher: "Re: session logging IDS"
• Next in thread: Raj Malhotra: "Re: serial-line protocols"
• Maybe reply: Raj Malhotra: "Re: serial-line protocols"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]