At 10:02 15/11/99 +1100, YANG YINAN wrote:
>Hi,
>
>I'm just wondering why IDS equipment must be connected to a hub and cannot
>be connected to a switch?
>
>My understanding is that IDS works at the Network layer, so what are the
>differences between using a hub or a switch with IDS in a FW environment?
>
>Can anyone point me in the right direction?
Most IDS systems work by packet sniffing. Most packet sniffers are
ineffective on a switch, because only the source and destination machines
see packets between themselves, rather than everyone on the segment.
:-)
T.
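
Added example, not part of the original message: a small Python model of the hub/switch difference described in the reply above, showing which frames a passive IDS sensor port receives. The host names, port numbers and traffic are constructed, and the learning switch is simplified (no table ageing, no broadcast frames).

```python
from collections import namedtuple

Frame = namedtuple("Frame", "src dst")

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def deliver(self, in_port, frame):
        return [p for p in self.ports if p != in_port]

class LearningSwitch:
    """Learns source address -> port and forwards only to the destination's port."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}

    def deliver(self, in_port, frame):
        self.table[frame.src] = in_port          # learn where the sender lives
        out = self.table.get(frame.dst)
        if out is None:                          # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]   # known destination: one port only

def frames_seen_by_sensor(device, traffic, host_port, sensor_port):
    """Return the frames that reach the port the IDS sensor is plugged into."""
    seen = []
    for frame in traffic:
        if sensor_port in device.deliver(host_port[frame.src], frame):
            seen.append(frame)
    return seen

# Constructed topology: hosts A and B talk to each other, the sensor listens on port 3.
HOST_PORT = {"A": 1, "B": 2}
SENSOR_PORT = 3
TRAFFIC = [Frame("A", "B"), Frame("B", "A"), Frame("A", "B"), Frame("B", "A")]

def run_demo():
    on_hub = frames_seen_by_sensor(Hub([1, 2, 3]), TRAFFIC, HOST_PORT, SENSOR_PORT)
    on_switch = frames_seen_by_sensor(LearningSwitch([1, 2, 3]), TRAFFIC, HOST_PORT, SENSOR_PORT)
    return on_hub, on_switch

if __name__ == "__main__":
    hub_seen, switch_seen = run_demo()
    print("sensor on hub sees   ", len(hub_seen), "of", len(TRAFFIC), "frames")
    print("sensor on switch sees", len(switch_seen), "of", len(TRAFFIC), "frames")
```

On the switch the sensor receives only the first frame, which is flooded because the destination has not been learned yet; everything after that goes only to the ports of A and B.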