No subject

Thu Nov 23 16:36:19 EST 2017

Since you're only monitoring between the cable modem and the firewall,
putting a hub in between the two is almost the exact same thing as
putting a tap between. As for the hacker...the only way that I can think
of for him to be able to access your IDS box would be to come through
your firewall and access the internal NIC.  No one should be able to
even detect that you have the unassigned NIC sitting outside the
firewall listening.  If you were doing flexresp or something like that I
guess it's conceivable that someone could figure out that you have an

Hope that helps, I'm sure someone will correct me if I missed/messed


-----Original Message-----
From: Carleton, Sam (SCI TW) [mailto:Sam_Carleton_TW at ...7796...]
Sent: Thursday, December 19, 2002 12:21 PM
To: 'snort-users at'
Subject: [Snort-users] To TAP or HUB?


I understand the point of using a TAP with an IDS, but is it a must?
is the drawback to simply using a HUB?  I ask because a TAP is a bit
for the house, or at least right now.  My thought is this:  I put a HUB
between the cable modem and firewall.  Then I plug in the second NIC of
IDS Server, but never assign an IP address.  Then turn on snort to
listen to that NIC.  Would that work?  Would a hacker be able to get into the IDS
Server?  It is my understanding that the presence of the IDS would be
but I can live with that right now.  Are there any other drawbacks?
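
An added example, not part of the original thread: a small check that the listening NIC discussed above really is unaddressed, run against the JSON that `ip -j addr show` prints on Linux. The interface names (eth0, eth1) and both sample outputs are constructed for illustration.

```python
import json

# Constructed sample shaped like `ip -j addr show` output (not from a real host).
# Assumed names: eth0 = internal NIC, eth1 = unaddressed NIC on the hub.
SAMPLE = """[
 {"ifname": "eth0", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
  "addr_info": [{"family": "inet", "local": "192.168.1.10", "prefixlen": 24}]},
 {"ifname": "eth1", "flags": ["BROADCAST", "MULTICAST", "PROMISC", "UP", "LOWER_UP"],
  "addr_info": [{"family": "inet6", "local": "fe80::a00:27ff:fe4e:66a1",
                 "prefixlen": 64, "scope": "link"}]}
]"""

# Same sniffing NIC after flushing addresses and turning ARP off (constructed).
HARDENED = """[
 {"ifname": "eth1", "flags": ["BROADCAST", "MULTICAST", "NOARP", "PROMISC", "UP"],
  "addr_info": []}
]"""


def audit_sniff_nic(ip_json, ifname):
    """Return findings that would let the listening NIC talk on the outside segment."""
    matches = [i for i in json.loads(ip_json) if i.get("ifname") == ifname]
    if not matches:
        return [f"{ifname}: interface not found"]
    iface = matches[0]
    flags = set(iface.get("flags", []))
    findings = []
    # Any address counts, including the IPv6 link-local one the kernel
    # auto-assigns when the link comes up: it makes the host answer
    # neighbor discovery and reachable from the outside segment.
    for addr in iface.get("addr_info", []):
        findings.append(f"{ifname}: {addr['family']} address {addr['local']} assigned")
    # With ARP on, Linux's default arp_ignore=0 can answer ARP requests for
    # addresses that belong to the host's other interfaces.
    if "NOARP" not in flags:
        findings.append(f"{ifname}: ARP is enabled")
    if "UP" not in flags:
        findings.append(f"{ifname}: link is down, nothing will be captured")
    return findings


if __name__ == "__main__":
    for line in audit_sniff_nic(SAMPLE, "eth1"):
        print(line)
```

An empty result means the NIC has no address and will not answer ARP, which is the condition the reply relies on when it says the interface should not be detectable.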

