
These are indeed the only attacks not seen when using this configuration:
unanswered ARP's, IPduplicate and Synflood.

Brian



We are going to use Real Secure Network Sensor in combination with an
ethernet tap-box. Such a device has two output interfaces. See figure. The
output C gives a copy of the traffic that flows from the switch to the
router (C = traffic B->C) and output D gives a copy of the traffic flowing
from the router to the switch (so D = A->B).
                    --------------
                A   |  Ethernet  |  B
  Router -----------|    Tap     |---------- switch
                    |    Box     |
                ----|            |---
                |C  --------------   |D = traffic from A to B (inbound traffic)
                |                    |
                                     \/
                                  to IDS

If we hook up Real Secure to one output (D) of the Tap, we can only monitor
the inbound traffic. Since Real Secure only sees packets going into the
network, certain attacks can't be detected. I know of the following three
attacks: unanswered ARP's, IPduplicate and Synflood.
Are there any other attacks that won't be detected?

Thanks,

Frank

P.S. I am familiar with the option to combine output C and D with a VLAN
switch.
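
Added example, not part of the original messages and not RealSecure code: a sketch of why a request/reply pairing check such as "unanswered ARP" cannot work from tap output D alone. The frame records, addresses, timeout and function names are constructed for illustration, and the pairing logic is an assumption about how such a signature works.

```python
from collections import namedtuple

# Constructed sample ARP frames. tap_output says which tap output carries a
# copy of the frame: "D" = router -> switch (A->B), "C" = switch -> router.
Frame = namedtuple("Frame", "t tap_output op sender_ip target_ip")

FRAMES = [
    Frame(0.0, "D", "request", "10.0.0.1", "10.0.0.20"),   # router asks for .20
    Frame(0.1, "C", "reply", "10.0.0.20", "10.0.0.1"),     # .20 answers
    Frame(1.0, "D", "request", "10.0.0.1", "10.0.0.99"),   # nobody answers
    Frame(2.0, "C", "request", "10.0.0.20", "10.0.0.1"),   # host asks for router
    Frame(2.1, "D", "reply", "10.0.0.1", "10.0.0.20"),     # router answers
]


def visible(frames, outputs):
    """Frames the sensor receives when connected to the given tap outputs."""
    return [f for f in frames if f.tap_output in outputs]


def unanswered_arp(frames, timeout=1.0):
    """Target IPs of ARP requests with no matching reply within `timeout`.

    A reply matches when it comes from the requested IP, is addressed to the
    requester, and arrives no later than `timeout` seconds after the request.
    """
    frames = sorted(frames, key=lambda f: f.t)
    flagged = []
    for req in frames:
        if req.op != "request":
            continue
        answered = any(
            r.op == "reply"
            and r.sender_ip == req.target_ip
            and r.target_ip == req.sender_ip
            and 0 <= r.t - req.t <= timeout
            for r in frames
        )
        if not answered:
            flagged.append(req.target_ip)
    return flagged


if __name__ == "__main__":
    # Both outputs combined: only the genuinely unanswered request is flagged.
    print("C+D:", unanswered_arp(visible(FRAMES, {"C", "D"})))
    # D only: the reply from .20 travels on C, so the answered and the
    # unanswered request look identical and the check loses its meaning.
    print("D  :", unanswered_arp(visible(FRAMES, {"D"})))
```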


