[Snort-users] CAT5 Twisted Pair 100Mbit Full-Duplex Ethernet Taps?

agetchel at ...1525... agetchel at ...1525...
Thu Mar 15 22:30:35 EST 2001

Hi all,
	We are getting ready to invest in some network taps for our IDS
systems.  I've had two devices recommended to me, those are the NetOptics
Splitter Tap or the Shomiti Century Tap.  Are there many differences in
these four port taps?  Any reasons to pick one over the other?  On paper,
they look pretty much the same.
	Also, how would the configuration of an ISS RealSecure system work
with these taps?  From the ISS RealSecure FAQs, I understand that you cannot
bind the app to more than one NIC.  This means you would have to have two
IDS systems; one for monitoring incoming traffic and one for monitoring
outgoing traffic.  Is this correct?  This would DOUBLE the cost of the
overall system as we would have to duplicate hardware and software.  If
using Snort instead of ISS, could you simply have a box with two NICs, one
plugged into the 'incoming' traffic port and one plugged into the 'outgoing'
traffic port, and have two copies of Snort running concurrently each bound
to one of the NICs?  I've not tested this, and hope that someone has so they
can give me a quick answer. =)
	Any help is appreciated guys and gals!


Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice   502-564-2020x225
E-mail  agetchel at ...1525...
Web     http://www.kde.state.ky.us/

More information about the Snort-users mailing list