Hello,
We are going to use Real Secure Network Sensor in combination with an
ethernet tap-box. Such a device has two output interfaces. See figure. The
output C gives a copy of the traffic that flows from the switch to the
router (C = traffic B->C) and output D gives a copy of the traffic flowing
from the router to the switch (so D = A->B).
                   --------------
           A       |  Ethernet  |       B
 Router -----------|    Tap     |---------- switch
                   |    Box     |
               ----|            |---
              |C   --------------   |D = traffic from A to B (inbound traffic)
              |                     |
                                    \/
                                  to IDS
If we hook up Real Secure to one output (D) of the Tap, we can only monitor
the inbound traffic. Since Real Secure only sees packets going into the
network certain attacks can't be detected. I know of the following three
attacks: unanswered ARPs, IPduplicate and Synflood.
Are there any other attacks that won't be detected?
Thanks,
Frank
P.S. I am familiar with the option to combine output C and D with a VLAN
switch.
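
Added example, not part of the original post and not RealSecure's own logic: a request/reply check for unanswered ARPs, run once over output D alone and once over outputs C and D merged by timestamp. The frame records, addresses (documentation range 192.0.2.0/24), function names and the one-second timeout are all constructed assumptions.

```python
from collections import namedtuple

# Constructed sample ARP frames. Tap output D carries router->switch traffic,
# output C carries switch->router traffic (labels as used in the post).
Arp = namedtuple("Arp", "ts tap op sender target")

FRAMES = [
    Arp(1.00, "D", "request", "192.0.2.1", "192.0.2.10"),
    Arp(1.01, "C", "reply", "192.0.2.10", "192.0.2.1"),
    Arp(2.00, "D", "request", "192.0.2.1", "192.0.2.11"),
    Arp(2.02, "C", "reply", "192.0.2.11", "192.0.2.1"),
    Arp(3.00, "D", "request", "192.0.2.1", "192.0.2.99"),  # nobody answers
]


def feed(tap):
    """Frames seen by a sensor attached to a single tap output."""
    return [f for f in FRAMES if f.tap == tap]


def merge_taps(*feeds):
    """Interleave per-output feeds into one stream ordered by timestamp."""
    return sorted((f for one in feeds for f in one), key=lambda f: f.ts)


def unanswered_arps(frames, timeout=1.0):
    """Return target IPs of requests that got no reply within `timeout` seconds."""
    pending = {}  # (requester IP, target IP) -> timestamp of the request
    for f in frames:
        if f.op == "request":
            pending[(f.sender, f.target)] = f.ts
        elif f.op == "reply":
            key = (f.target, f.sender)  # a reply reverses the request's roles
            if key in pending and f.ts - pending[key] <= timeout:
                del pending[key]
    return sorted(target for _, target in pending)


if __name__ == "__main__":
    # With D only, the replies never reach the sensor, so every request
    # looks unanswered and the check cannot separate real misses from noise.
    print("D only:", unanswered_arps(feed("D")))
    print("C + D :", unanswered_arps(merge_taps(feed("C"), feed("D"))))
```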