I've finally finished a major upgrade to my work on
construction and use of passive network taps.
Granted, the best tap is a commercial tap. But, a
home-built passive network tap can be used quite
successfully to monitor network traffic.
The original paper on construction, with minor
modifications:
http://www.altsec.info/passive-network-tap.html
The new paper on using the tap, with recent test
lab results:
http://www.altsec.info/pnt-sensor-data.html
Anyone who is interested, please feel free to
have a look. For any comments, suggestions, or
corrections, please see the papers for contact
information.
Just my way of saying thanks for all the great
information I get in this list. I hope my many
hours of testing and research benefits someone.
Mark
--
Excellence in InfoSec and Linux
http://www.altsec.info
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
