Firewall Wizards mailing list archives

Re: IDS: Net Ranger vs. RealSecure vs. NFR

From: Robert Graham <robert_david_graham () yahoo com>
Date: Tue, 6 Jul 1999 16:16:29 -0700 (PDT)

I hate to do this, but....

BlackICE can handle fully loaded 100-mbps without too much trouble. You can get
an eval if you send a request to "sales () networkice com" and give a fax number
for the eval agreement.

It also currently detects more signatures than RealSecure, NetRanger, or NFR
variants. The current list can be found at: 
http://netice.com/advice/intrusions

I can attest to the high analysis rate because I run it on personal workstation
at 148,800 frames/second of TCP/IP traffic. I have to tweak it massively
(choose just the right card, tweak buffers and processor affinity, etc.) to get
those numbers, but I think it will work fine in an average environment with
50,000 180-byte packets/second.

The downside is that it currently runs only on WinNT (though a non-promiscuous,
"personal" version runs on Win95/Win98). Also, to reach those traffic rates,
you need a dual-CPU machine and a high-end NIC.

Rob.

--- SiOL CERT <cert () siol net> wrote:

Hi.

I have two intrusion detection systems on a trial run, but have to chose the 
big winner. Both of them have been recommended as the cream of the crop and 
'best money can buy', but from the wrong persons.

One of them is Cisco's Net Ranger Director, which uses HP OpenView as a GUI 
(not prefered) and other one is ISS' Real Secure, which is a bit of a pain 
because I'd need to set a machine on each segment of the network I want to 
monitor.

The third IDS is my personal favorite NFR's Network Flight Recorder (ever 
since I read the white paper), but I need more informations about all of the 
mentioned IDS systems (especially cons, pros are more or less known).

The network in question is an ISP's public part of the system, which means I 
need some detection system than can swallow more than 70Mbit traffic on the 
fly.

Thanks in advance,

Saso



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Current thread:

IDS: Net Ranger vs. RealSecure vs. NFR SiOL CERT (Jul 05)
- Re: IDS: Net Ranger vs. RealSecure vs. NFR Carric Dooley (Jul 06)
- <Possible follow-ups>
- Re: IDS: Net Ranger vs. RealSecure vs. NFR Vin McLellan (Jul 06)
- Re: IDS: Net Ranger vs. RealSecure vs. NFR Robert Graham (Jul 08)