No subject

Thu Nov 23 16:36:19 EST 2017

or switch port analyzer, as it is sometimes called, but I haven't yet much
practical experience with this kind of stuff.

I would NOT recommend you use a GIDS that actively blocks traffic,
because you have got a single point of failure here.
IMHO active blocking is the only true means of using GIDSs but I don't trust
A NIDS can see all of the packets up to 100mbit/s if configured properly
and if you use strong hardware.

NNIDS are Host based IDSs that analyze the network traffic which comes and
to that SINGLE machine that it monitors. Therefore they are sometimes also
"stack based IDS".

As I am currently analyzing how NIDS can be deployed on switched
I can tell you that such scenarios are sometimes beyond any economic
When it comes to monitoring high end ecommerce environments in full duplex
some vendors have developed redundant scenarios with lots of taps and 
toplayer switches as IDS load balancer....
You will want to analyze very carefully at which points of your
net NIDS is useful - sometimes NNIDS are better in order to economize on
without leaving unmonitored patches.
If you don't need full duplex you can take a 100mbit/s hub and you can see
all the traffic that goes through that hub.

>PS. I'm only asking these questions as a semantics inquiry, I'm not
>meaning to start any wars.  Just feeding my curiosity.

Charges 15$ per issue ;-)

D. Liesen


More information about the Snort-users mailing list