[Snort-users] Dual NIC with special feature...

Detmar Liesen counter.spy at ...348...
Wed Jul 24 12:09:08 EDT 2002


Paulo,
are you actually trying to say you want to use a network tap
and two NICs for sniffing both directions of a conversation?

You can use standard NICs and channel bonding for merging the split
datastreams.
Therefore you will have to compile bonding into your kernel.

Not sure what you are asking for.

Greets,
Detmar


-------------original message---------------
Hi!
This might be a little bit out of the list subject, my apologies
for that.
I'm trying to set up an IDS on my network (with multiple
_switched_ networks).

Scenario 1
Net A *------------------* Net B

Scenario 2
Net A *-------\ /-------* Net B
             | |
          +--+-+--+
          |  IDS  |
          | host  |
          +-------+

I'm looking for a DUAL NIC to do this, with a special feature: if the IDS
host for some reason has a power failure, the connection between Nets A
and B is not affected, we have scenario 1 again. (Bandwidth managers like
PacketShaper -- www.packeteer.com, have a similar mechanism)

The IDS host is a passive host that only sniffs everything on the
wire. This way we have an IDS host completely invisible on the net (also
we have no ARP poisoning); we use an alternate NIC to communicate with other
IDS hosts/managers.

Does anyone know this hardware piece?

Thanks in advance.

Best regards,

-- 
Paulo Matos
 ----------------------------------- ----------------------------------
|Sys & Net Admin                    | Serviço de Informática           |
|Faculdade de Ciências e Tecnologia | Tel: +351-21-2948596             |
|Universidade Nova de Lisboa        | Fax: +351-21-2948548             |
|P-2829-516 Caparica                | e-Mail: pjsm at ...6433...          |
 ----------------------------------- ----------------------------------
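
The channel-bonding setup suggested in the reply above, sketched as an added example that is not part of the original thread. It assumes a current Linux with iproute2 and the bonding driver available; the interface names (bond0, eth1, eth2 for the two tap outputs, eth0 for management) and both function names are hypothetical.

```shell
#!/bin/sh
# Added example: merge the two output ports of a network tap into one
# address-less sniffing interface. All interface names are assumptions.

# Print the commands that build the bond.
# Usage: bond_tap_plan BOND TAP_A TAP_B MGMT
bond_tap_plan() {
    bond=$1 tap_a=$2 tap_b=$3 mgmt=$4
    if [ $# -ne 4 ]; then
        echo "usage: bond_tap_plan BOND TAP_A TAP_B MGMT" >&2; return 2
    fi
    if [ "$tap_a" = "$tap_b" ]; then
        echo "error: each tap direction needs its own NIC" >&2; return 1
    fi
    for nic in "$tap_a" "$tap_b"; do
        if [ "$nic" = "$mgmt" ]; then
            echo "error: $mgmt is the management NIC, keep it out of the bond" >&2
            return 1
        fi
    done
    echo "modprobe bonding"
    echo "ip link add $bond type bond mode balance-rr"
    for nic in "$tap_a" "$tap_b"; do
        echo "ip link set dev $nic down"          # must be down to enslave
        echo "ip addr flush dev $nic"             # sensor ports carry no IP
        echo "ip link set dev $nic arp off"       # never answer on the wire
        echo "ip link set dev $nic master $bond"
    done
    echo "ip addr flush dev $bond"
    echo "ip link set dev $bond arp off"
    echo "ip link set dev $bond promisc on"       # propagated to both slaves
    echo "ip link set dev $bond up"
}

# Show the plan; execute it only when APPLY=1 is set (requires root).
bond_tap_apply() {
    plan=$(bond_tap_plan "$@") || return $?
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$plan" | while read -r cmd; do $cmd || exit 1; done
    else
        echo "$plan"
    fi
}

# Example: APPLY=1 sh bond-tap.sh bond0 eth1 eth2 eth0
if [ $# -eq 4 ]; then bond_tap_apply "$@"; fi
```

Once the bond is up, Snort listens on it with `-i bond0` and sees both directions of each conversation as a single stream.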