IDS mailing list archives

Asymmetric traffic/topology

From: "snort user" <snort.user () gmail com>
Date: Wed, 7 Nov 2007 19:42:20 -0500

Greetings.

I am sure that most of you know about the asymmetric traffic/topology
problem in relevance to
IDS/IPS systems.
( By Asymmetric traffic/topology, I mean the case where client to
server packets traverse a different path
in your network compared to server to client packets. Hence the
IDS/IPS see only one side of the conversation)

I am trying to find out how wide this problem really is?
Is it commonly seen in large / enterprise networks ?

Any input is welcome.

Thanks

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Current thread:

Asymmetric traffic/topology snort user (Nov 08)
- RE: Asymmetric traffic/topology Bergen, Matt (Nov 09)
- RE: Asymmetric traffic/topology Srinivasa Addepalli (Nov 09)
- Re: Asymmetric traffic/topology Jeremy Bennett (Nov 09)
  - Re: Asymmetric traffic/topology snort user (Nov 09)
    - Re: Asymmetric traffic/topology Jeremy Bennett (Nov 09)
  - Re: Asymmetric traffic/topology Ravi Chunduru (Nov 09)
  - Re: Asymmetric traffic/topology Adam Powers (Nov 13)
    - Re: Asymmetric traffic/topology Jeremy Bennett (Nov 13)
    - Re: Asymmetric traffic/topology Roland Dobbins (Nov 14)
    - RE: Asymmetric traffic/topology Nelson Brito (Nov 27)