[Snort-users] To TAP or HUB?
henningd at ...7800...
Thu Dec 19 10:55:10 EST 2002
Taps are much too expensive to use for casual home stuff. Taps are most
useful in an environment where you can't span all the ports off a large core
switch. A hub between the cable modem and fw will work just fine and be
very cheap. If you properly stealth the NIC on the hub no one will ever
know you have an IDS there (except us of course ;). Make certain you
configure the NIC to not respond to ARP and don't give it an IP address.
Unless there is a way to break Snort on the listening interface and
reconfigure the NIC to respond to traffic an attacker can't get in through

From: Carleton, Sam (SCI TW)
To: 'snort-users at lists.sourceforge.net'
Sent: 12/19/02 1:21 PM
Subject: [Snort-users] To TAP or HUB?

I understand the point of using a TAP with an IDS, but is it a must?
is the drawback to simply using a HUB? I ask because a TAP is a bit
for the house, or at least right now. My thought is this: I put a HUB
between the cable modem and firewall. Then I plug in the second NIC of
IDS Server, but never assign an IP address. Then turn on snort to
that NIC. Would that work? Would a hacker be able to get into the IDS
Server? It is my understanding that the presence of the IDS would be
but I can live with that right now. Are there any other drawbacks?
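
The following is an added example, not part of the original messages: a check that a sniffing interface really has no address and does not answer ARP, as the reply advises. It assumes Linux with iproute2 and an interface named eth1; `audit_iface` and the sample text are constructed for illustration, and the IPv6 link-local check goes slightly beyond the thread, since such an address is assigned automatically when the interface comes up.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux iproute2 output formats.
# To put eth1 into the state the reply describes:
#   ip addr flush dev eth1
#   ip link set dev eth1 arp off
#   sysctl -w net.ipv6.conf.eth1.disable_ipv6=1   # stops the automatic fe80:: address
#
# audit_iface LINK_TEXT ADDR_TEXT   (hypothetical helper)
#   LINK_TEXT: output of `ip -o link show dev IFACE`
#   ADDR_TEXT: output of `ip -o addr show dev IFACE`
# Prints one finding per line and returns 0 only when there are none.
audit_iface() {
    link_text=$1
    addr_text=$2
    findings=0

    # Interface flags are the <...> list, e.g. <BROADCAST,NOARP,UP,LOWER_UP>.
    flags=$(printf '%s\n' "$link_text" |
        sed -n 's/^[^<]*<\([^>]*\)>.*/\1/p' | head -n 1)
    case ",$flags," in
        *,NOARP,*) ;;
        *) echo "ARP enabled (NOARP flag missing)"; findings=1 ;;
    esac

    # Any inet or inet6 line means the interface is addressable.
    addrs=$(printf '%s\n' "$addr_text" |
        awk '$3 == "inet" || $3 == "inet6" { print "address assigned: " $3 " " $4 }')
    if [ -n "$addrs" ]; then
        printf '%s\n' "$addrs"
        findings=1
    fi
    return "$findings"
}

# Constructed sample output: a NIC brought up with defaults, then after hardening.
BAD_LINK='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff'
BAD_ADDR='3: eth1    inet6 fe80::ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever'
GOOD_LINK='3: eth1: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff'

echo "default NIC:";  audit_iface "$BAD_LINK" "$BAD_ADDR" || true
echo "hardened NIC:"; audit_iface "$GOOD_LINK" "" && echo "no findings"
```

On a live sensor, call it as `audit_iface "$(ip -o link show dev eth1)" "$(ip -o addr show dev eth1)"` before starting Snort.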