Re: kernel implementations

[Allen Leibowitz <allen () anzen com>]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
John S Flowers wrote:
> Our tests show that we can easily handle 32,000-40,000 packets a second,
> but we're sending realistic traffic to the IDS and not 60 byte packets. 
> I often wonder if we can talk Anzen into doing another real world study
> of IDS speed differences between NFR, Network ICE, RealSecure, CyberCop
> Monitor, etc.  [Allen, you out there?]

We'd love to and we've continued to enhance some of the test tools we
used (http://www.anzen.com/research/nidsbench/) for our internal use

but

many (most) vendors have licenses that specifically exclude publishing benchmark
and/or performance data without permission.  We spent a lot of time getting
permission from the vendors, although some never got back with us.

We (Anzen Computing) will make these 2 offers:

1. We'll redo our performance tests if vendors want to send us a unit/person
     and agree ahead of time to have all data published.

2. We'll make our internal and published tool; test lab; and some personnel available
     to someone writing for a industry publication.  I have made this offer to Greg Shipley.
     Others come to time like Dave Piscatello.

Allen Leibowitz         <allen () anzen com>               http://www.anzen.com
Anzen Computing, Inc.           514 E. Washington               Ann Arbor, MI  48104
+1.734.669.0800 Voice   +1.734.669.0404 FAX