[Snort-users] To TAP or HUB?

Henning, David henningd at ...7800...
Thu Dec 19 10:55:10 EST 2002


Sam,

Taps are much too expensive to use for casual home stuff.  Taps are most
useful in an environment where you can't span all the ports off a large core
switch.  A hub between the cable modem and fw will work just fine and be
very cheap.  If you properly stealth the nic on the hub no-one will ever
know you have an IDS there (except us of course ;).  Make certain you
configure the nic to not respond to arp and don't give it an IP address.
Unless there is a way to break Snort on the listening interface and
reconfigure the nic to respond to traffic an attacker can't get in through
that interface.

David Henning

-----Original Message-----
From: Carleton, Sam (SCI TW)
To: 'snort-users at lists.sourceforge.net'	
Sent: 12/19/02 1:21 PM
Subject: [Snort-users] To TAP or HUB?

Folks,

I understand the point of using a TAP with an IDS, but is it a must?
What
is the drawback to simply using a HUB?  I ask because a TAP is a bit
much
for the house, or at least right now.  My thought is this:  I put a HUB
between the cable modem and firewall.  Then I plug in the second NIC of
my
IDS Server, but never assign an IP address.  Then turn on snort to
listen to
that NIC.  Would that work?  Would a hacker be able to get into the IDS
Server?  It is my understanding that the presents of the IDS would be
known,
but I can live with that right now.  Are there any other drawbacks?

Sam


-------------------------------------------------------
This SF.NET email is sponsored by: Geek Gift Procrastinating?
Get the perfect geek gift now!  Before the Holidays pass you by.
T H I N K G E E K . C O M      http://www.thinkgeek.com/sf/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



..
.




More information about the Snort-users mailing list