IDS mailing list archives
Re: need help
From: Stefano Zanero <stefano.zanero () ieee org>
Date: Tue, 10 Aug 2004 18:52:51 +0200
tcp fin wrote:
2. Throuput (If its Inline)
Actually, if the IDS is IN line you actually want to care about the _response time_ of the device (i.e. the additional delay it adds to packet RTT times), which is not exactly the same thing as the throughput.
If the IDS is _on line_ but not _in line_ (i.e. a pure sniffer, not acting as a gateway, like most IDS products with no IPS capabilities) you must all the same take into account the _throughput_ of the device, since if the throughput is not high enough, the device will lose packets, and therefore lose attacks.
You must also remember that even if your average network usage is some X value, you must take into account network bursts, and do appropriate capacity planning studies.
Stefano -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- need help Naga Raju Peddisetty (Aug 09)
- <Possible follow-ups>
- need help Gudumba Raj MSc (Aug 09)
- RE: need help Bill Royds (Aug 09)
- Re: need help tcp fin (Aug 10)
- Re: need help Stefano Zanero (Aug 11)
- Re: need help tcp fin (Aug 16)
- RE: need help Javier Otero De Alba (Aug 09)