Firewall Wizards mailing list archives
Re: future of IDS
From: Vern Paxson <vern () ee lbl gov>
Date: Fri, 16 Oct 1998 23:39:50 PDT
If you have a switch with 24 ports for 100BaseT, can you then push 1.2Gb/s through it?
I believe you can push 1.2 Gb/s through it. Doubtless someone on the list knows for sure.
If you have a single 100BaseT monitor port, either than throughput for the entire switch is 100BaseT (serious reduction in performance) or you lose packets on the monitor port.
Yep. Don't know if there are switches with higher speed taps.
(3) get the end hosts to chip in and function as IDS sensors.
Similar to the recent COAST project announcement for AAFID?
Exactly.
In environments where high speed networking is in place (HIPPI, ATM, FDDI) I think a combination of network based and host based is going to be necessary.
It's also the way to address the IDS insertion/evasion attacks discussed in the SNI paper (and a tad in the Bro paper).
Vern