No subject


Thu Nov 23 16:36:19 EST 2017


Since you're only monitoring between the cable modem and the firewall,
putting a hub in between the two is almost the exact same thing as
putting a tap between. As for the hacker...the only way that I can think
of for him to be able to access your IDS box would be to come through
your firewall and access the internal nic.  No one should be able to
even detect that you have the unassigned nic sitting outside the
firewall listening.  If you were doing flexresp or something like that I
guess its conceivable that someone could figure out that you have an
IDS.

Hope that helps, I'm sure someone will correct me if I missed/messed
something.

JonM

-----Original Message-----
From: Carleton, Sam (SCI TW) [mailto:Sam_Carleton_TW at ...7796...]=20
Sent: Thursday, December 19, 2002 12:21 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] To TAP or HUB?

Folks,

I understand the point of using a TAP with an IDS, but is it a must?
What
is the drawback to simply using a HUB?  I ask because a TAP is a bit
much
for the house, or at least right now.  My thought is this:  I put a HUB
between the cable modem and firewall.  Then I plug in the second NIC of
my
IDS Server, but never assign an IP address.  Then turn on snort to
listen to
that NIC.  Would that work?  Would a hacker be able to get into the IDS
Server?  It is my understanding that the presents of the IDS would be
known,
but I can live with that right now.  Are there any other drawbacks?

Sam


-------------------------------------------------------
This SF.NET email is sponsored by: Geek Gift Procrastinating?
Get the perfect geek gift now!  Before the Holidays pass you by.
T H I N K G E E K . C O M      http://www.thinkgeek.com/sf/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users




More information about the Snort-users mailing list