IDS mailing list archives
Re: MPLS IDS question
From: "Surasak H." <surasak.h () gmail com>
Date: Sun, 17 Apr 2005 20:00:00 +0700
Hi there, I think Intrushield also support MPLS frame packet in both IDS and IPS mode. regards, Surasak H. CISA, Security+ On 4/12/05, Dobbelaere, David [NCSBE] <DDOBBELA () ncsbe jnj com> wrote:
Hi Pierre, The MPLS tunnel gets terminated at the CE (Customer Entry) router. If you put an NIDS/NIPS between your network and the CE then you don't need any MPLS protocol decoder on your NIDS to monitor traffic in the tunnel. On top you can enable IOS IDS feature set on the CE to be able to monitor the traffic towards the CE itself. I'm not an MPLS guru myself but this is the path I would follow unless you really need to monitor in the MPLS tunnel for some reason. rgdz, Chewy -----Original Message----- From: Pierre A. Cadieux [mailto:hobbit () theshire com] Sent: Monday, April 04, 2005 6:50 PM To: focus-ids () securityfocus com Subject: MPLS IDS question Hello List, I was wondering if anyone has yet had the pleasure of rolling out an IDS to an MPLS environment? At this point it looks as if MPLS is one of the networking directions being used within my work environment, and I was hoping that someone has already tackled or at least identified any issues that should be considered when planning IDS deployment to monitor MPLS. I am not an MPLS expert, so just getting started with understanding what it is and does/does not provide as far as complexity. Any insight is appreciated. ->Pierre A. Cadieux CISSP -------------------------------------------------------------------------- Stop hurting your network! The NeVO passive vulnerability sensor continuously finds vulnerabilities, applications and new hosts without the need for network scanning. It also finds compromised systems with application-based intrusion detection. Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Stop hurting your network! The NeVO passive vulnerability sensor continuously finds vulnerabilities, applications and new hosts without the need for network scanning. It also finds compromised systems with application-based intrusion detection. Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Stop hurting your network! The NeVO passive vulnerability sensor continuously finds vulnerabilities, applications and new hosts without the need for network scanning. It also finds compromised systems with application-based intrusion detection. Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more. --------------------------------------------------------------------------
-------------------------------------------------------------------------- Stop hurting your network! The NeVO passive vulnerability sensor continuously finds vulnerabilities, applications and new hosts without the need for network scanning. It also finds compromised systems with application-based intrusion detection. Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more. --------------------------------------------------------------------------
Current thread:
- MPLS IDS question Pierre A. Cadieux (Apr 06)
- RE: MPLS IDS question Gary Halleen (Apr 06)
- <Possible follow-ups>
- RE: MPLS IDS question Dobbelaere, David [NCSBE] (Apr 15)
- Re: MPLS IDS question David W. Goodrum (Apr 19)
- Re: MPLS IDS question Surasak H. (Apr 19)