[Snort-users] To TAP or HUB?
Carleton, Sam (SCI TW)
Sam_Carleton_TW at ...7796...
Thu Dec 19 10:23:05 EST 2002
I understand the point of using a TAP with an IDS, but is it a must? What
is the drawback to simply using a HUB? I ask because a TAP is a bit much
for the house, or at least right now. My thought is this: I put a HUB
between the cable modem and firewall. Then I plug in the second NIC of my
IDS Server, but never assign an IP address. Then turn on snort to listen to
that NIC. Would that work? Would a hacker be able to get into the IDS
Server? It is my understanding that the presents of the IDS would be known,
but I can live with that right now. Are there any other drawbacks?
More information about the Snort-users