FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicited mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------

Another alternative solution would be to use a network tap to tap the
physical connection between the router and the switch. The intrusion
detection engine can then plug into the "analyzer/monitor" ports to capture
wire traffic.

Has anyone else used this setup?

Sridhar

> -----Original Message-----
> From: bkho@umac.mo [mailto:bkho@umac.mo]
> Sent: Friday, April 09, 1999 1:21 AM
> To: ids@uow.edu.au
> Subject: Re: IDS: Security assessment tools
>
> From: bkho@UMAC on 04/09/99 04:21 PM
>
> I saw someone wrote that:
>
> "... To keep an eye on data running over our network, we primarily use
> ISS's Real Secure. It watches the network for certain attack
> signature,..... Now there is one problem that could arise by using
> RealSecure. Obviously, what it's doing is throwing the interface card
> into promiscuous mode, and sniffing the network. Now this works just fine
> if you're using a standard hub, but if you're using a switched hub (which
> prevents sniffing, which is a good thing), RealSecure is useless. So,
> what we did was get an HPSwitch, which will allow switching for every
> port, except a "Master Port" which can be configured to receive all data.
> So, the only machine on our network which can sniff, is the network
> monitoring station. Another alternative to this would be to set up a sort
> of switch DMZ (de-militarized zone), where the data coming in from your
> router would go to a primary un-switched hub, ......."
>
> Any comment or solutions?
>
> Fiona
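
Added example, not part of the original messages: a check a sensor operator could run over captured frames to confirm that the monitoring port (switch mirror port or tap) really delivers other hosts' unicast traffic, rather than only the broadcasts and own-address frames an ordinary switched port would see. The MAC addresses, sample frames and the 0.5 threshold are constructed assumptions.

```python
from collections import Counter

def mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def classify(frame, sensor):
    """Label one Ethernet frame by who it is addressed to."""
    if len(frame) < 14:
        return "truncated"            # too short for an Ethernet header
    dst, src = frame[0:6], frame[6:12]
    if dst[0] & 0x01:
        return "flooded"              # broadcast/multicast reaches every port
    if sensor in (dst, src):
        return "own"                  # the sensor's own conversations
    return "foreign"                  # unicast between two other hosts

def visibility(frames, sensor):
    """Count frames per class for one capture."""
    return Counter(classify(f, sensor) for f in frames)

def sees_wire(frames, sensor, min_foreign=0.5):
    """True if enough of the capture is other hosts' unicast traffic.
    min_foreign is an assumed threshold; tune it for the monitored link."""
    counts = visibility(frames, sensor)
    total = sum(counts.values()) - counts["truncated"]
    return total > 0 and counts["foreign"] / total >= min_foreign

# Constructed sample data: locally administered MACs, header-only frames.
SENSOR, ROUTER, HOST_A = (mac("02:00:00:00:00:10"), mac("02:00:00:00:00:01"),
                          mac("02:00:00:00:00:0a"))
BCAST = b"\xff" * 6

def eth(dst, src):
    """Build a minimal IPv4-typed Ethernet frame with a zeroed payload."""
    return dst + src + b"\x08\x00" + b"\x00" * 46

# What a sensor on an ordinary switched port receives.
SWITCHED_PORT = [eth(BCAST, HOST_A), eth(SENSOR, ROUTER),
                 eth(BCAST, ROUTER), eth(ROUTER, SENSOR)]
# What it receives on a mirror ("master") port or behind a tap.
MIRROR_PORT = [eth(HOST_A, ROUTER), eth(ROUTER, HOST_A), eth(BCAST, HOST_A),
               eth(HOST_A, ROUTER), b"\x00" * 6]

if __name__ == "__main__":
    for name, cap in (("switched", SWITCHED_PORT), ("mirror/tap", MIRROR_PORT)):
        print(name, dict(visibility(cap, SENSOR)), sees_wire(cap, SENSOR))
```

A sensor that reports no "foreign" frames is watching only its own port, which is the failure mode the quoted message describes for promiscuous-mode sniffing on a switch.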