Hosting Provided By

RE: IDS using Taps & network bridging

From: Douglas Hart <douglas(at)eu.kddi.com>
Date: Wed Nov 20 2002 - 05:41:57 EST

For taps the bridge interfaces are receiving traffic only so it doesn't matter what traffic is forwarded by the bridge. You only want the traffic received by both bridge interfaces to be available on the logical interface.

Not sure about Linux, but for OpenBSD bridges you can disable Discover (packets do not exit interfaces) and Learn (source addresses are not entered into the cache). After flushing the address cache all packets caught by the two tap interfaces will be seen reassembled on the bridge0 logical interface.

Doug

> > What I've done so far is:
> > -Install 3 NICs in my box
> > -Bridged eth1 & eth2 to br0
> > -started up the bridge
> > -sniffed br0
Received on Fri Nov 22 01:23:00 2002

This message: [ Message body ]
Next message: Kohlenberg, Toby: "RE: IDS responses"
Previous message: Ken Smith: "RE: IDS for DataBase Systems."
Maybe in reply to: oobs3c02(at)attbi.com: "IDS using Taps & network bridging"
In reply to Bryan K. Watson: "RE: IDS using Taps & network bridging"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:04 EDT