IDS mailing list archives

Re: Re: Changes in IDS Companies?

From: Aaron Turner <aturner () pobox com>
Date: Sat, 9 Nov 2002 09:22:50 -0800

On Tue, Nov 05, 2002 at 08:32:51AM -0000, Proxy Administrator wrote:



Aiguo Fei wrote :

so you wouldn't miss any attack that it *could* detect.


This is NOT true. If the IDS system doesn't have enough 
processing >power or doesn't have a good enough performance, 
under certain load >it may fail to process(analyze) the packet to 
catch the attack (of >course it has to let it pass through to 
fullfill the inlining >requirement).


Hmmm... is this true for any other system out there which is 
placed inline? I thought this issue would be handled the same way 
a firewall would handle it.


I've gotta agree with Proxy Admin here... failing open is NOT acceptable.
The solution to the performance issue is either a more powerful device or
some means to do load balancing.

-- 
Aaron Turner <aturner at pobox.com|synfin.net>    http://synfin.net/aturner
They that can give up essential liberty to obtain a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

pub 1024D/F86EDAE6  Sig: 3167 CCD6 6081 0FFC B749  9A8F 8707 9817 F86E DAE6
All emails by me are PGP signed; a lack of a signature indicates a forgery.

Attachment: _bin
Description:

Current thread:

RE: Changes in IDS Companies? Kohlenberg, Toby (Nov 02)
- RE: Changes in IDS Companies? Kevin Timm (Nov 04)
- <Possible follow-ups>
- RE: Changes in IDS Companies? Frank Knobbe (Nov 02)
- Re: Re: Changes in IDS Companies? Proxy Administrator (Nov 02)
- Re: Re: Changes in IDS Companies? Proxy Administrator (Nov 09)
  - Re: Re: Changes in IDS Companies? Aaron Turner (Nov 11)
- Re: Changes in IDS Companies? Andrew Plato (Nov 11)
- RE: Changes in IDS Companies? Kohlenberg, Toby (Nov 13)
  - IDS for DataBase Systems. Hemant Ramnani (Nov 13)
- Re: Changes in IDS Companies? Gary Golomb (Nov 13)
  - Re: Changes in IDS Companies? Dominique Brezinski (Nov 13)