IDS mailing list archives

RE: NIPS solutions

From: ".Bob Bradley" <bbradley () beadwindow com>
Date: Tue, 20 Apr 2004 20:43:46 -0400

I know of one solution from Beadwindow that, for high end applications,
uses a dual Xeon processor based platform.

bb

-----Original Message-----
From: Andreas Hess [mailto:hess () tkn tu-berlin de]
Sent: Tuesday, April 20, 2004 2:14 PM
To: focus-ids
Subject: NIPS solutions

Hi,

I am interested in NIPS solutions.
Especially I wonder if either single processor or multiple processor 
machines are used?
I just explain my point of view. I realized a simple NIPS that is 
running on a linux machine. The intrusion prevention system is running 
as a thread in kernel space. So, each packet that is arriving at the 
network interface triggers an hardware interrupt that is instantly 
processed by the Linux OS. Consequently the intrusion prevention thread 
is interrupted and the higher the traffic load the more often an 
interrupt occurs.
An IPS solution that is running on a dual or multiple processor machine 
would not suffer under this limitation. But  it is a real hassle to get 
useful  information from manufacturers.

Thanks for helping
Regards
Andreas

---------------------------------------------------------------------------

---------------------------------------------------------------------------

---------------------------------------------------------------------------

---------------------------------------------------------------------------

Current thread:

NIPS solutions Andreas Hess (Apr 20)
- RE: NIPS solutions .Bob Bradley (Apr 21)
- Re: NIPS solutions Mike Frantzen (Apr 21)
- fun piece from Gartner on IDS Anton A. Chuvakin (Apr 23)