 From:  "Brandon W. Holland" <Brandon at cookssaw dot com>
 To:  "Andrew Lewis" <andrew at coastal dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IDS integration w/m0n0wall?
 Date:  Fri, 27 Feb 2004 12:39:15 -0600
This is true; I was making the assumption that the NICs are probably
100baseT and WAN speed is probably 3 or less.

The hub will cause the cards to move a theoretical 33 Mbit max, which is
quite possibly ten times your interface speed.

If you need faster than that, your company more than likely has the
resources for port mirroring (many manageable switches have this


> -----Original Message-----
> From: Andrew Lewis [mailto:andrew at coastal dot com] 
> Sent: Friday, February 27, 2004 12:14 PM
> To: Brandon W. Holland
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] IDS integration w/m0n0wall?
> Brandon W. Holland wrote:
> > Think about it like this:
> > 
> > A bridge is a two port network switch.
> > 
> > You just need to use a basic passive hub (in the old days called a
> > multiport repeater) to do it.  I've seen Ys for cat 5, that might work
> > too.
> > 
> Keep in mind that once you start approaching line speed on the
> full-duplex interfaces things break down.  Unless you're using something
> like a tap.
> For half duplex you are probably ok.
> The downside to half duplex and multiple interfaces is timing based on
> collisions.  If you choose to install an ID on both the WAN and LAN
> sides of the m0n0wall unit to determine which attacks make it through,
> timing will be critical to actually match things up.  Assuming there's
> sufficient load anyway.
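The timing problem Andrew raises in the quoted message (matching an alert seen by a WAN-side sensor against the same event seen by a LAN-side sensor to tell which attacks got through) is essentially a correlation with a tolerance window. The script below is an added illustration written for this page, not m0n0wall code or anything from the list; the alert line format, the signature names, the addresses and the 2-second default window are all constructed. It keys on signature and source address only, because a NAT firewall rewrites the destination between the two sensors.

```python
"""Correlate IDS alerts from a WAN-side and a LAN-side sensor.

Added example, not m0n0wall code. Assumptions (constructed for this
demo): each sensor emits lines of the form
  'YYYY-MM-DD HH:MM:SS.fff sig=<rule> src=<ip:port> dst=<ip:port>'
and the two sensor clocks agree to within a few seconds.  Hubs/mirror
ports add jitter and the firewall's NAT rewrites the destination, so a
LAN alert is matched to a WAN alert by (signature, source) within a
tolerance window rather than by exact timestamp and full 5-tuple.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    sig: str   # IDS rule / signature identifier
    src: str   # source ip:port as seen by that sensor
    dst: str   # destination ip:port as seen by that sensor


def parse_alert(line: str) -> Alert:
    """Parse one constructed alert line into an Alert."""
    date, clock, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S.%f")
    return Alert(ts, kv["sig"], kv["src"], kv["dst"])


# Constructed sample data: three attacks arrive on the WAN side; only the
# first is also seen inside (about 0.7 s later, destination rewritten by NAT).
WAN_LOG = [
    "2004-02-27 12:14:05.120 sig=web-cmd-exec src=203.0.113.7:40211 dst=192.0.2.10:80",
    "2004-02-27 12:14:09.800 sig=portscan src=203.0.113.7:40212 dst=192.0.2.10:22",
    "2004-02-27 12:15:30.004 sig=dir-traversal src=198.51.100.3:51010 dst=192.0.2.10:80",
]
LAN_LOG = [
    "2004-02-27 12:14:05.830 sig=web-cmd-exec src=203.0.113.7:40211 dst=10.0.0.9:80",
    "2004-02-27 12:20:00.000 sig=internal-smb-policy src=10.0.0.5:1044 dst=10.0.0.9:445",
]


def correlate(wan, lan, tolerance=timedelta(seconds=2)):
    """Return (passed, blocked, lan_only).

    passed   - list of (wan_alert, lan_alert) pairs: the attack crossed the firewall
    blocked  - WAN alerts with no LAN counterpart inside the tolerance window
    lan_only - LAN alerts never seen on the WAN side (internal traffic)
    """
    unmatched_lan = list(lan)
    passed, blocked = [], []
    for w in wan:
        src_ip = w.src.rsplit(":", 1)[0]
        match = None
        for cand in unmatched_lan:
            same_key = cand.sig == w.sig and cand.src.rsplit(":", 1)[0] == src_ip
            if same_key and abs(cand.ts - w.ts) <= tolerance:
                match = cand
                break
        if match is None:
            blocked.append(w)
        else:
            unmatched_lan.remove(match)   # each LAN alert explains one WAN alert
            passed.append((w, match))
    return passed, blocked, unmatched_lan


def summarize(wan_log=WAN_LOG, lan_log=LAN_LOG, tolerance_s=2.0):
    """Run the correlation and report signature names per category."""
    wan = [parse_alert(l) for l in wan_log]
    lan = [parse_alert(l) for l in lan_log]
    passed, blocked, lan_only = correlate(wan, lan, timedelta(seconds=tolerance_s))
    return {
        "passed": [w.sig for w, _ in passed],
        "blocked": [w.sig for w in blocked],
        "lan_only": [a.sig for a in lan_only],
    }


if __name__ == "__main__":
    for category, sigs in summarize().items():
        print(f"{category}: {sigs}")
```

Shrinking the tolerance shows why the window matters: with half a second instead of two, the 0.71 s hub-induced offset in the sample data turns the one attack that actually got through into a false "blocked" verdict. Size the window from the worst-case delay between sensors that you measure, not from a guess.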