IDS: Re: challenges in capturing Gigabit ethernet

Re: challenges in capturing Gigabit ethernet

From: Michael J. Semaniuk <mike_at_semaniuk.com>
Date: Thu, 29 Dec 2005 10:10:11 -0500

This has always been a problem, but I've found that using an IDS load
balancer does a lot to optimize packet inspection for promiscuous devices.

http://www.toplayer.com/content/products/intrusion_detection/ids_balancer.jsp

-Mike

> just to wrap some numbers around that, the worst case scenario for packets
> per second on gigabit ethernet is around 3 million for a full-duplex link
> (2,976,190 per second to be exact).
> it is difficult to just get those packets to your application, much less
> inspect all of them for attacks.
>
> efficient algorithms are essential, you need to very quickly categorize a
> packet early on in the inspection so that you only do the necessary deep
> analysis. (an over-simplified example would be that you categorize by ports
> so that you are not looking for IIS exploits in a SMTP session)
>
>
> Mike
>
>
> On Wed, 28 Dec 2005, Sanjay Rawat wrote:
>
>> It's not only installing GB NIC. An IDS/IPS must be capable of processing
>> the packet at that speed. For this purpose, it makes use of HW
>> accelerators, efficient algorithms and data structures.
>> I hope you have some idea now.
>> regards
>> -Sanjay
>>
>> At 01:28 PM 12/23/2005, Siddharth Phadnis wrote:
>> >Hi All,
>> >
>> >Vendors have long been talking about gigabit ethernet capabilities of
>> >their IDS/IPS. It got me thinking that is it just a simple matter of
>> >installing a gigabit ethernet card in the appliance and capturing the
>> >packets or is there any specialized hardware which is required.
>> >
>> >In effect, what all challenges are involved in capturing packets off a
>> >gigabit ethernet network so that packets do not drop. Does it just
>> >involve the hardware or are there some considerations in software too?
>> >
>> >Regards,
>> >Siddharth

Received on Jan 02 2006
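
The two points quoted in the thread above, the 2,976,190 packets-per-second worst case and categorizing by port before deep inspection, as an added example that is not part of the original posts. The signature names, patterns and packets are constructed for illustration, and the packet rate assumes minimum-size frames (64 bytes plus 8 bytes preamble and 12 bytes inter-frame gap).

```python
from collections import defaultdict

# Minimum frame on the wire: 64-byte frame + 8 preamble/SFD + 12 inter-frame gap.
MIN_WIRE_BITS = (64 + 8 + 12) * 8

def worst_case_pps(link_bps=1_000_000_000, directions=2):
    """Packets per second if every frame is minimum size (2 = full duplex)."""
    return directions * link_bps // MIN_WIRE_BITS

# Hypothetical signatures (constructed): name, server port, byte pattern.
SIGNATURES = [
    ("http-cmd-exe", 80, b"cmd.exe"),
    ("http-dir-traversal", 80, b"../.."),
    ("smtp-vrfy-root", 25, b"VRFY root"),
    ("smtp-expn", 25, b"EXPN "),
    ("ftp-site-exec", 21, b"SITE EXEC"),
]

# Constructed packets: (source port, destination port, payload).
PACKETS = [
    (40001, 25, b"VRFY root\r\n"),
    (40002, 80, b"GET /scripts/cmd.exe HTTP/1.0\r\n"),
    (40003, 25, b"MAIL FROM:<a@example.com>\r\n"),
    (40004, 443, b"\x16\x03\x01\x00\x2e"),
    (25, 40005, b"250 ok, see cmd.exe notes\r\n"),
]

def build_port_groups(signatures):
    groups = defaultdict(list)
    for name, port, pattern in signatures:
        groups[port].append((name, pattern))
    return groups

def inspect(packets, groups):
    """Search each payload only for its service port's patterns; return (alerts, searches)."""
    alerts, searches = [], 0
    for src, dst, payload in packets:
        # Classify on either port so server replies land in the same group.
        port = dst if dst in groups else src
        for name, pattern in groups.get(port, []):
            searches += 1
            if pattern in payload:
                alerts.append((port, name))
    return alerts, searches

def inspect_all(packets, signatures):
    """Baseline without classification: every pattern against every packet."""
    hits = [(p, n) for _, _, data in packets for n, p, pat in signatures if pat in data]
    return hits, len(packets) * len(signatures)
```

On this sample the grouped pass does 8 pattern searches against 25 for the baseline, and it does not fire the HTTP signature on the SMTP reply. The port 443 packet gets no inspection at all, which is the cost of the port-only shortcut the post itself calls over-simplified.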
