IDS: Re: High availability design of NIDS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

IDS mailing list archives

Re: High availability design of NIDS

From: Jon Hart <warchild () spoofed org>
Date: Wed, 23 Feb 2005 14:43:41 -0500

On Tue, Feb 22, 2005 at 03:47:03PM -0600, Michael Allgeier wrote:

OpenBSD + CARP + snort = failover NIDS


Only partially true -- CARP will only allow you to do IP failover.  But
that won't help you if, say, the snort process dies or is otherwise
unreachable. That situation should be fairly rare, but it is something
to consider.

-jon

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

By Date By Thread

Current thread:

Re: High availability design of NIDS, (continued)
- RE: High availability design of NIDS Gary Halleen (Feb 23)
- Re: High availability design of NIDS Drew Simonis (Feb 22)
- Re: High availability design of NIDS Michael Allgeier (Feb 23)
  - Re: High availability design of NIDS Jon Hart (Feb 24)
  - Re: High availability design of NIDS SandroMelo-CSO (Feb 24)