At 1:56 PM +1030 11/15/99, Tristan_Ball wrote:
>At 10:02 15/11/99 +1100, YANG YINAN wrote:
>
>>Hi,
>>
>>I'm just wondering Why IDS equipment must be connected to a hub and cannot
>>be connected to a switch?
>>
>>My understanding of IDS is working at Network layer, so what's
>>differences of using a hub or a switch with IDS in a FW environment?
>>
>>Can anyone point me to a right direction?
>
>Most IDS systems work by packet sniffing. Most packet sniffers are
>ineffective on a switch, because only the source and destination machines
>see packets between themselves, rather than everyone on the segment.
Unless the IDS system is a passthrough (dual homed) then it shouldn't matter.
chris
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
