As far as memory serves, the concept of a token ring network consists of passing data along until it reaches the required host machine on the network. At that point, the packets do not forward past the target host. By that reasoning, NIDS will only be partially successful unless you deploy multiple sensors between heavy trafficked links. This will be an arduous task, but having some information should be worthwhile.
Catching some intrusion attempts is better than catching none. Besides, when a hacker is foot printing your network, at some of the basic levels they would scan an entire network (assuming they aren't very careful) and your NIDS should pick up that sort of activity. I'd give it a go just to test it out in a trial run and then start performing some questionable activity on your wire to see what it picks up. >From my experience, if you run nmap or ping sweep your network, NIDS should pick this up and it can be a barometer for how well your NIDS is catching traffic. Make sure to intelligently target the activities to points all around your ring to see what is caught. Good luck! Bejon -----Original Message----- From: Deike, Hagen [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 07, 2002 2:15 AM To: '[EMAIL PROTECTED]' Subject: NIDS on a Token-Ring Hello, does anybody know if it is possible to use a NIDS on a Token-Ring? A far as I can imagine it shouldn't be possible. Any suggestions? regards, Hagen Deike
