Re: Gig TAPs

> Suffice it to say, however, that a tap is a tap is a tap, as far as I've
been able to tell.

If only it were that simple, when they are tested they need to be able to cope with a variety of traffic, as Rob Shein eluded to in a previous post ".... Did they demonstrate it on a network using really large packets, with all traffic of equal packet size and zero fragmentation? Or was it on a real network..... "

How does the tap deal with full duplex, does it rely on you coping with it by providing 2 outputs or does it do it internally on the proviso that once the network reaches it's capacity ie 100Mb/s in either one direction or 50Mb/s in both directions it drops packets.

Is there a fail safe, and almost as importantly does the fail safe kick in instantly.

Then there are the minor issues, how sturdy are they, we had to return one (nameless) because the power connector was loose, losing sensor data everytime we went in the rack.

Overheating, the aircon failed, the servers all managed no problem but the tap died first taking with it the failsafe and therefore the network connection.

Finally and fairly important for me, can I visibly demonstrate to network owners that there is no transmit and therefore that I am not introducing a firewall bypass.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

One of the best I've seen was a hotch potch of fiber/ethernet media converters (3) cobbled together, worked fine but proved expensive and a nightmare finding sufficient power outlets.

Most important of all though is how bright the little LEDs can flash and how many colors ;o)

take care
-andy

Taliskers Network Security Tools
http://www.networkintrusion.co.uk
----- Original Message -----
From: "Peter Schawacker" <pschawacker@nfr.com> To: "'Bawcom, Aaron'" <aaron_bawcom@intrusion.com>; "'Garritano,Robert'" <Robert.Garritano@cna.com>; "'Talisker'" <talisker@networkintrusion.co.uk> Cc: <focus-ids@securityfocus.com>
Sent: Monday, February 03, 2003 6:13 PM
Subject: RE: Gig TAPs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My apologies. I got Intrusion's tap's mixed up with another Netoptics OEM deal. Suffice it to say, however, that a tap is a tap is a tap, as far as I've been able to tell.

Sorry, Aaron. Didn't mean to cast aspersions on Intrusion. The company has some good products and terrific staff (I used to work there :-)).

Mea culpa.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Peter

• -----Original Message----- From: Bawcom, Aaron [mailto:aaron_bawcom@intrusion.com] Sent: Monday, February 03, 2003 10:08 AM To: 'Peter Schawacker'; 'Garritano,Robert' Cc: 'Talisker'; focus-ids@securityfocus.com Subject: RE: Gig TAPs

Not pointing the finger but just clarifying any ambiguity:

"Netoptics is actually the manufacturer of Intrusion's taps" -- False. I work at Intrusion and unless Netoptics 1) got the board schematics 2) are manufacturing them for free 3) breaking into our inventory and putting them in our boxes, then Netoptics has no tie to the Intrusion taps. The Intrusion SecureNet IDS Taps were specifically engineered for IDS applications. More info can be found here (in addition to the URL below):
https://www.intrusion.com/products/downloads/TapPO_1102.pdf

• -----Original Message----- From: Peter Schawacker [mailto:pschawacker@nfr.com] Sent: Friday, January 31, 2003 1:08 PM To: 'Garritano,Robert' Cc: 'Talisker'; focus-ids@securityfocus.com Subject: RE: Gig TAPs
• -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Netoptics is actually the manufacturer of Intrusion's taps. I think I heard that Netoptics makes taps for Finisar (formerly Shomiti) as well. If all taps are made by one company, then it's all about price and support.

http://www.netoptics.com/ http://www.finisar.com/product/product.start.php http://www.intrusion.com/products/product.asp?lngProdNmId=39&lngCatId=4

I've seen taps used in dozens of deployments. Never have I had problems with them.

Peter Schawacker, CISSP
Senior Systems Engineer
NFR Security
43300 Warner Trail
Palm Desert, CA 92211
Office: 760-200-4258
Mobile: 760-221-2404

• - -----Original Message----- From: Talisker [mailto:talisker@networkintrusion.co.uk] Sent: Thursday, January 30, 2003 12:28 PM To: Garritano,Robert; focus-ids@securityfocus.com Subject: Re: Gig TAPs

Robert
> Has anyone used gigabit TAPs in their network? I currently use
> Finisar ehternet TAPs, but are looking for cost, model, etc for gig E
> TAPs.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

I recently saw Intrusion Inc's Gigabit TAP demonstrated and it did the business pretty well

• - -andy

Taliskers Network Security Tools http://www.networkintrusion.co.uk - - ----- Original Message -----
From: "Garritano,Robert" <Robert.Garritano@cna.com> To: <focus-ids@securityfocus.com>
Sent: Wednesday, January 29, 2003 5:38 PM Subject: Gig TAPs

> Has anyone used gigabit TAPs in their network? I currently use
> Finisar ehternet TAPs, but are looking for cost, model, etc for gig E
> TAPs.

>

>

>
>
>

• -----BEGIN PGP SIGNATURE----- Version: PGP 8.0

iQA/AwUBPjrJfvZ0MWG5/LasEQJxJgCg8yWnlkIAbY5xlsLoFUZeRjOT7rcAoOoA HQFcWZu84HmEshMWbKCHzCps
=gNyL
- -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPj6xZvZ0MWG5/LasEQIFcACgsfWaOjsf6XRvi8MfB2kwLw0BzLgAoJpN aayIxBcCzqhEa4bXyRkMr086
=8x2p
-----END PGP SIGNATURE----- Received on Wed Feb 5 17:19:17 2003