[Snort-users] When is a hub not a hub? (AuthReply)
cmg at ...671...
Thu Jun 7 14:19:34 EDT 2001
Dan Hollis <goemon at ...20...> writes:
>> the DS line of hubs from Netgear are Dual Speed, that is they have the two
>> repeated channels, 100 and 10. If, as in your situation, your machines
>> are all 100 (or even all 10) they you'll be fine with snort.
> Still waiting for someone to review the shomiti ethernet taps for use with
Well depending on what you are doing, they are acceptable but I'm
using them in conjunction with a hub ( actually 2 )
[ hub ] - shomiti - [ hub ] - monitoring devices
The thing would be very nice is to drop it and replace the main hub
portion but then you would break apart your RX/TX into 2 separate
channels to monitor
Shomiti's are designed like ( might have the monitor's swapped but
i'm on vacation :> )
inet -- -- local
inet monitor -- local monitor
so that you can see both sides of a 100mbit conversation
Thats really great for being able to monitor troubles but IDS works
best when you can see both sides at once at the same sensor. I've not
tried unifying them at one hub yet but thats one risk prone possibilty.
Chris Green <cmg at ...671...>
Laugh and the world laughs with you, snore and you sleep alone.
More information about the Snort-users