IDS mailing list archives
RE: IDS and Bandwidth
From: MailTest <mailtest () gsecone com>
Date: Mon, 11 Jul 2005 11:01:29 +0530
Yes that's right, it's not easy to come to that conclusion that bandwidth is consumed by IDS. There are a few things which you can check for, i.e. bandwidth fluctuations from your ISP. This happens very frequently in some locations and with some providers. Another way is to do some traffic shaping and control the traffic based on protocol and IPs. More info can be found at lartc.org. There is a possibility that some switch is not working fine or some congestion is taking place.

Raghu you need to ask them how are they arriving at that conclusion. If you are sniffing with taps then there is more impact on your server and none on 'their' wire. Now if you are spanning and they are seeing performance drops on the switch(es), that is not bandwidth on the wire but possibly another problem. You really need to isolate where they are having problems. MOST (maybe not in your case ;-)) network teams I have come across have little idea about where bandwidth is consumed; they simply start blaming the first item they don't understand once they start encountering problems.

-----Original Message-----
From: bhaskar.gupta () tcs com [mailto:bhaskar.gupta () tcs com]
Sent: 05 July 2005 04:47
To: focus-ids () securityfocus com
Subject: IDS and Bandwidth

Dear frendz

I am working as an IDS operator in my company. Due to the big size of the organisation, different IDS nodes are monitoring different centers through a central master node. Since there are a lot of incidents (including false positives) generated across the organisation, there is a complaint from our networking team that IDS is consuming a lot of bandwidth over networking. I am really not able to figure out how much IDS can eat up network bandwidth. Please throw some light on this.

cheers,
Bhaskar