
RE: [ISSForum] Proventia Devices (Fiber packet captures)



Actually both the A604 and A1204 support Log Evidence.  This feature was added to the higher-end Proventias last year, and it provides for raw packet capture and display of the packet on the SiteProtector Console.  You don't have to use any additional software such as tcpdump.

It is the packet that triggered the event that gets forwarded to SiteProtector.  The only possible drawback is that only one packet is captured.  I have had several customers ask for multiple packet capture, and we are researching that implementation, but right now a single packet is captured.

So unless I missed something you should be OK.  Hopefully this is good news.

Bob

-----Original Message-----
From: issforum-admin@xxxxxxxxxxxxxxxx On Behalf Of HACKER, ERIC W
Sent: Tuesday, January 27, 2004 10:35 PM
To: Reeves, Mike; issforum@xxxxxxxxxxxxxxxx
Subject: RE: [ISSForum] Proventia Devices (Fiber packet captures)


One issue with the multiport Proventias (A604 and A1204) is the inability to
do raw packet captures on the IDS interfaces with tcpdump or the like. When
one does an ifconfig the fiber interfaces are not even listed.

This is a serious impediment to troubleshooting IDS issues as well as
testing the installation in a complex environment.

If I had thought to test that before we started deploying them, I might not
have ordered any.

Eric Hacker, Enterprise Security Information Architect, FleetBoston Financial


> -----Original Message-----
> From: Reeves, Mike [mailto:Mike.Reeves@xxxxxx]
> Sent: Tuesday, December 30, 2003 3:51 PM
> To: 'issforum@xxxxxxx'
> Subject: [ISSForum] Proventia Devices
> 
> Anyone have any good or bad experiences dealing with Proventia? Looking for
> information on grunt level management of the devices, such as maintaining
> the device, updating it, wacky issues etc.
> 
> Thanks,
> 
> Mike

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
