Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



IDS: Re: IPS Reliability/Availability

Re: IPS Reliability/Availability

From: Martin Roesch <roesch_at_sourcefire.com>
Date: Sun, 19 Feb 2006 23:29:16 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Feb 19, 2006, at 7:40 PM, Alan Shimel wrote:

> Marty
>
> Correct me if I am wrong, but that is on the bivio box correct?

Yes, we're OEM'ing the Bivio chassis.

> Interestingly our tests on this platform were well below the
> advertised
> rates. Are you planning any 3rd party testing of it?

I'm not sure what performance numbers you're referring to but I won't
speculate. Much like Snort, you can't just take a stock build and
put it on a system and expect it to achieve maximum performance, we
have significant engineering resources available and a close
relationship with the manufacturer to get our application performance
where we want it to be. We've managed to achieve the maximum
performance available with the chassis as it's configured today
subject to max bandwidth available with the backplane architecture.

There is an update that will be available RSN that will increase the
throughput of the backplane as well as adding some other performance
features to the chassis. For existing customers it'll be a firmware
upgrade (back to the investment protection thing) and I think
everyone who has one will like the results.

As for 3rd party testing, we typically participate in those sorts of
tests but its subject to the Sourcefire marketing team's bandwidth
and our production schedule. We also have an extensive multi-gigabit
testing environment in our labs and have tested the chassis
extensively, from what I understand many of our customers and
prospects consider our performance claims across our product lines to
be rather conservative but you can take that with the appropriate
amount of salt.

     -Marty

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD+UWcqj0FAQQ3KOARAqURAJsE/1/fBmE/ZSvLWnydvvRigYtgNQCfU8Iq
+lpXCbh2H0eTGliGLAa2PGA=
=rrKo
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Received on Feb 21 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos