[Snort-users] How Safe: Construction and Use of a Passive Ethernet Tap

bwood-lists bwood-lists at ...11152...
Thu Feb 5 12:56:10 EST 2004


I've built the passive Ethernet tap as described by
http://www.snort.org/docs/tap/. It works great, or at least as advertised. 

I have some concerns about how safe this design is/might be. Right now it's
hooked up to equipment that is expendable, but I have some concerns about
hooking this up to real equipment that is not expendable. Specifically, I'm
worried about problems resulting from the signal not being isolated (or at
least, I'm relying on the NICs isolation), and (potential) signal
degradation. (For example, do I need to worry about how far away the IDS
NICs are from the tap/total length of the runs)?

Commercial solutions don't appear to be at the point of being a commodity
item. I've seen many solutions from companies I've never heard. Pricing
seems to be from a few hundred dollars/port to "call us". Even the
recommendations I've seen here and at snort.org don't really give specific
model numbers (and/or fall into that mysterious "call us for pricing"
category. So I'm not completely sure what to buy if we go the commercial
route. 

Suggestions, Comments?





More information about the Snort-users mailing list