Would a simple tap-'device' work in this situation? Where you just connect the RX pair of a nic in your IDS box parallel to your RX pair on the m0n0, and this for each interface?

Don't know about impedance etc, but this should be possible some way (optocouplers?), and safe to 'go around' the firewall this way, since the interfaces cannot be used to transmit anything...

just some thoughts...

Joachim

> -----Original Message-----
> From: Brandon W. Holland [mailto:Brandon at cookssaw dot com]
> Sent: vrijdag 27 februari 2004 19:39
> To: Andrew Lewis
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] IDS integration w/m0n0wall?
>
> This is true, I was making the assumption that the nics are probably
> 100baseT and wan speed less is probably 3 or less.
>
> The hub will cause the cards to move a theoretical 33mbit max, which is
> quite possibly ten times your interface speed.
>
> If you need faster than that your company more than likely has the
> resources for port mirroring (many manageable switches have this
> feature)
>
> Brandon
>
> > -----Original Message-----
> > From: Andrew Lewis [mailto:andrew at coastal dot com]
> > Sent: Friday, February 27, 2004 12:14 PM
> > To: Brandon W. Holland
> > Cc: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] IDS integration w/m0n0wall?
> >
> > Brandon W. Holland wrote:
> > > Think about it like this:
> > >
> > > A bridge is a two port network switch.
> > >
> > > You just need to use a basic passive hub (in the old days called a
> > > multiport repeater) to do it. I've seen Ys for cat 5, that might work
> > > too.
> >
> > Keep in mind that once you start approaching line speed on the
> > full-duplex interfaces things break down. Unless you're using something
> > like a tap.
> >
> > For half duplex you are probably ok.
> >
> > The downside to half duplex and multiple interfaces is timing based on
> > collisions. If you choose to install an ID on both the WAN and LAN
> > sides of the m0n0wall unit to determine which attacks make it through
> > timing will be critical to actually match things up. Assuming there's
> > sufficient load anyway.