[Snort-users] NIDS in switched environments

counter.spy at ...348...
Sat May 18 06:50:01 EDT 2002

Alright, since it's one of my favorite topics, and since I have found that
questions regarding this topic are being asked with rising frequency, the
following might be of interest for many of you :)

Simon Edwards of Toplayer Networks has published an excellent paper on
"Vulnerabilities of Network Intrusion Detection Systems: Realizing and
Overcoming the Risks"
See www.toplayer.com in the "whitepapers" section.

(note: I am in no way affiliated with or sponsored by Toplayer Networks ;-)

In this paper Mr. Edwards addresses most of the problems that security staff
encounter when deploying NIDS in highly switched environments, e.g. switch
port mirroring drawbacks, split up datastreams (they call it flows) when using
network taps etc...

Those topics will also be covered by my technical paper which will come out
by September.

Regarding network taps, Jeff Nathan's nifty tapping diagrams are available
for download on the snort.org website.

