Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

focus-ids logo IDS mailing list archives

Re: RE: IPS Reliability/Availability
From: y8k0vt3p () yahoo com
Date: 10 Mar 2006 07:42:25 -0000
The primary "con" is that it's a fairly new approach, and therefore it's
difficult to get people on the bandwagon.
- it's hard to convince people that this solution is actually as 
fast (or faster) than an ASIC solution for the same price. ASICs have 
been around a long time, and people have a kind of warm fuzzy from that 
older technology.


I’m wondering why CPU cluster technology that you are deploying is considered new in comparison to ASIC/FPGA/NP 
technology.

Obviously, “software + CPU cluster” technology has some attractive properties.
However, it also has several nasty properties, especially in the IDS space. In addition, the problems get nastier with 
adding more CPUs to the cluster, so there are a limit how many CPUs you can put in a cluster. 
For starters, if your load balancing scheme is based on TCP/UDP port numbers,
            you’ll have a hard time detecting even simple port scan.

- Jack

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]