[rescue] Jeez!!! Are ethernet taps are a racket business?
Mike Johnson
mike at enoch.org
Wed Jul 30 21:44:35 CDT 2003
Daniel de Young [daniel at velvetsea.com] wrote:
> It's called port spanning and I believe it's still limited to a single
> VLAN. I've used it on jobs before, but I'm doing some experimenting
> with IDS and honeynets (among other stuff) and I have to use equipment
> that I can cobble together <grin>.
Span ports, port mirroring, traffic monitoring. It's got several names.
But depending on your switch, it's not limited to VLANs in any way,
shape, or form. They can pick up traffic from one or more ports and
copy the traffic to another port, VLANs or no.
> In other words... several Cisco switches are OUT!
Bah. Might be cheaper than $1500. ;)
> I'll prolly hit up the focus-ids list, but most everybody on there is
> well funded and will not have "cobbled" anything together.
You'll find a mix, but a lot of people will direct you to those nasty
cables, which I hate.
Mike
--
"If life hands you lemons, YOU BLOW THOSE LEMONS TO BITS WITH
YOUR LASER CANNONS!" -- Brak
GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
More information about the rescue
mailing list