Intrusion Detection Systems: Re: Gigabit IDS

[briank () conxion net (Brian Koref)]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
I don't know of a product which can do IDS at Gigabit speeds 
without dropping packets.  I've done some testing with ISS 
Realsecure and started dropping packets at about 15Mbps.  Of 
course I was only using a Sparc Ultra 5.  ISS claims that they have 
visibility into higher bandwidths with more robust hardware 
configurations.  Dragon can apparantly handle higher bandwidths, 
although I'm not sure of the numbers.  I conducted an interesting 
test utilizing the TopLayer App switch with ISS RealSecure net 
engines and was able see more traffic.  So, there is a possibility of 
being able to do IDS in a gigabit environment, however you'll need 
to balance traffic using some sort of Application Switch. -BK

On 7 Jul 2000, at 8:07, Jeffrey Dell wrote:

> Archive: http://msgs.securepoint.com/ids
> FAQ: http://www.ticm.com/kb/faq/idsfaq.html
> IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> HELP: Having problems... email questions to ids-owner () uow edu au
> NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> SPAM: DO NOT send unsolicted mail to this list.
> UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
> -----------------------------------------------------------------------------
>
> I know there are many good IDS products out there, but we are in need of a
> solution that can handle gigabit speeds. Are there any products out there
> that can truly handle these high speeds without dropping packets? Has anyone
> used products such as Kane as an IDS solution on gigabit routers/firewalls?
> Thanks in advance,
>
> Jeff