-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Portsentry only mitigates the problem, doesn't solve it. Also, it's not
> something that should be implemented on the LVS. Also having a NIDS on
> the director is a bit suboptimal, since an IDS should at best not be
> detectable and should also be in read-only mode. Either put a second box
> between the networks you need to sniff, preferably in bridge mode or
> modify your network cables by removing the TX part, so only receiving is
> possible. Both suggestions don't work well with a director.
>
> Regards,
> Roberto Nibali, ratz

Roberto -

While we're touching on this subject here, what kind of a NIDS do people
use inside an LVS setup, and how can it be implemented? This is
interesting.

Thanks
- -dant
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDfMeHhTPx3xy3bu0RAkugAJwPNeLUUCq2XG9o85BQ2bL0e4CVPwCbBXw6
7pSLpW6+CNwPnZvkYiXaRmA=
=8/NQ
-----END PGP SIGNATURE-----