[Snort-users] To TAP or HUB?

Carleton, Sam (SCI TW) Sam_Carleton_TW at ...7796...
Thu Dec 19 10:23:05 EST 2002


I understand the point of using a TAP with an IDS, but is it a must?  What
is the drawback to simply using a HUB?  I ask because a TAP is a bit much
for the house, or at least right now.  My thought is this:  I put a HUB
between the cable modem and firewall.  Then I plug in the second NIC of my
IDS Server, but never assign an IP address.  Then turn on snort to listen to
that NIC.  Would that work?  Would a hacker be able to get into the IDS
Server?  It is my understanding that the presents of the IDS would be known,
but I can live with that right now.  Are there any other drawbacks?


More information about the Snort-users mailing list