No subject


Thu Nov 23 16:36:19 EST 2017


or switch port analyzer, as it is sometimes called, but I haven't yet much
practical experience with this kind of stuff.

I would NOT recommend you use a GIDS that actively blocks traffic,
because you have got a single point of failure here.
IMHO active blocking is the only true means of using GIDSs but I don't
trust that either.
A NIDS can see all of the packets up to 100mbit/s if configured properly
and if you use strong hardware.

NNIDS are Host based IDSs that analyze the network traffic which comes and
goes to that SINGLE machine that it monitors. Therefore they are sometimes
also called "stack based IDS".

As I am currently analyzing how NIDS can be deployed on switched
environments I can tell you that such scenarios are sometimes beyond any
economic means.
When it comes to monitoring high end ecommerce environments in full duplex
some vendors have developed redundant scenarios with lots of taps and
toplayer switches as IDS load balancer....
You will want to analyze very carefully at which points of your
net NIDS is useful - sometimes NNIDS are better in order to economize on
cost without leaving unmonitored patches.
If you don't need full duplex you can take a 100mbit/s hub and you can see
all the traffic that goes through that hub.



>PS. I'm only asking these questions as a semantics inquiry, I'm not
>meaning to start any wars.  Just feeding my curiosity.

Charges 15$ per issue ;-)

Greetings,
D. Liesen






More information about the Snort-users mailing list