IDS mailing list archives
NIPS solutions
From: Andreas Hess <hess () tkn tu-berlin de>
Date: Tue, 20 Apr 2004 20:13:54 +0200
Hi, I am interested in NIPS solutions.Especially I wonder if either single processor or multiple processor machines are used? I just explain my point of view. I realized a simple NIPS that is running on a linux machine. The intrusion prevention system is running as a thread in kernel space. So, each packet that is arriving at the network interface triggers an hardware interrupt that is instantly processed by the Linux OS. Consequently the intrusion prevention thread is interrupted and the higher the traffic load the more often an interrupt occurs. An IPS solution that is running on a dual or multiple processor machine would not suffer under this limitation. But it is a real hassle to get useful information from manufacturers.
Thanks for helping Regards Andreas --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- NIPS solutions Andreas Hess (Apr 20)
- RE: NIPS solutions .Bob Bradley (Apr 21)
- Re: NIPS solutions Mike Frantzen (Apr 21)
- fun piece from Gartner on IDS Anton A. Chuvakin (Apr 23)