[Snort-users] Gbps Network Taps
Mark W. Jeanmougin
mark.jeanmougin at ...14628...
Thu Apr 7 07:53:30 EDT 2011
On 04/07/2011 06:04 AM, Joe Pampel wrote:
> We' using VSS.
We were using NetOptics iBypass taps (1 Gbit Copper & Fiber and 10 Gbit
Fiber) to put our Sourcefire gear inline. They're horrible:
* They'll send out snmp traps saying "Port A Utilization is at 52%" WHO
CARES!?!? (You can't turn these off. Further, you can fully saturate a
line, and it won't send out a trap. It seems totally random)
* There's no good way to force a tap into "bypass" mode (to do
maintenance on your snort sensor)
* They don't always send out snmp traps when they go into bypass mode.
Or come out of bypass mode.
We just bought like $200k worth of Datacom systems taps. Hopefully,
these will be better. The Networking guys did lots of research on these.
It sounds like they work well with snmp & sending out info via syslog.
I'm the "IPS guy". The "networking guys" handle the taps.
More information about the Snort-users