Trav_2:

You're talking about two separate things.

1) Cisco is a switch and you're talking about a mirror/span port. Though, network taps > Span ports :)

2) It's not the IDS/IPS that is performing that capability, it's the switch. So it's inaccurate to ask if the IDS/IPS vendors you mentioned can do the same thing. A span port doesn't care what's hooked up to it, whether it's Snort or a sniffer.

Hope this helps.

Best Regards,

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC
1095 Pingree Road Suite 221
Crystal Lake, IL 60014
Toll Free: (877) 262-7593
Fax: (847) 854-5106
Cell: (847) 456-6785
Web: www.appliedwatch.com

Andrew Plato wrote:
> If you create a mirror port and plug in any IPS/IDS, it will see the
> traffic. TippingPoint, ISS, etc. All can do that.
>
> Also, pretty much any decent managed switch can have mirror ports. This
> is not unique to Cisco.
>
> Keep in mind, you cannot do real-time IPS (intrusion prevention) in any
> reliable manner this way. You have to be IN-LINE to do real-time
> blocking and filtering. Passive monitoring off a mirror port only allows
> you to send RSTs to stop stuff, and that is not a very reliable way to
> block bad stuff.
>
> ___________________________________
> Andrew Plato, CISSP, CISM
> President/Principal Consultant
> Anitian Enterprise Security
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of [EMAIL PROTECTED]
> Sent: Monday, February 05, 2007 10:44 AM
> To: [email protected]
> Subject: IPS and Trunking
>
> Cisco has a great feature where I can configure all traffic on a switch
> to go to a trunk port, plug in the IPS/IDS to the trunk port and see all
> traffic. Can other vendors, such as Sourcefire, TippingPoint, ISS do
> this?
>
> Thanks,
