[Snort-users] Network traffic forwarder (hardware device)

Erek Adams erek at ...577...
Fri Jun 28 13:12:06 EDT 2002


On Fri, 28 Jun 2002, Lee, Mike (BlackBoard Support) wrote:

>             I know some of you have told me this before, but I am asking
> again.  Can you send me a URL of a company that makes a device which
> forwards (actually duplicates) the network traffic.  I saw one before, it
> has one RJ-45 input and two outputs; one to say your firewall and the other
> to a snort machine.  I need one of these so I can see all of the nasty port
> scans on my snort box before they hit my netfilter firewall, which drops
> scans before snort can take effect.

<sarcastic bastard mode>

	http://www.netgear.com/hubs_main.asp

</sarcastic bastard mode>

Seriously--If you mean exactly what you describe in a technical sense, then
grab a hub, or a switch with port spanning/mirroring.

If you mean what you wrote in a more secure and 'network friendly' manner,
then have a look at taps.  <http://www.netoptics.com/net-96135.html>

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list