Re: MPLS IDS question

["Surasak H." <surasak.h () gmail com>]

Hi there,

I think Intrushield also support MPLS frame packet in both IDS and IPS mode.

regards,

Surasak H.
CISA, Security+

On 4/12/05, Dobbelaere, David [NCSBE] <DDOBBELA () ncsbe jnj com> wrote:
> Hi Pierre,
>
> The MPLS tunnel gets terminated at the CE (Customer Entry) router.
> If you put an NIDS/NIPS between your network and the CE then you don't need
> any MPLS protocol decoder on your NIDS to monitor traffic in the tunnel.
> On top you can enable IOS IDS feature set on the CE to be able to monitor
> the traffic towards the CE itself.
> I'm not an MPLS guru myself but this is the path I would follow unless you
> really need to monitor in the MPLS tunnel for some reason.
>
> rgdz,
> Chewy
>
>
> -----Original Message-----
> From: Pierre A. Cadieux [mailto:hobbit () theshire com]
> Sent: Monday, April 04, 2005 6:50 PM
> To: focus-ids () securityfocus com
> Subject: MPLS IDS question
>
> Hello List,
>
> I was wondering if anyone has yet had the pleasure of rolling out an IDS to
> an MPLS environment?
>
> At this point it looks as if MPLS is one of the networking directions being
> used within my work environment, and I was hoping that someone has already
> tackled or at least identified any issues that should be considered when
> planning IDS deployment to monitor MPLS.
>
> I am not an MPLS expert, so just getting started with understanding what it
> is and does/does not provide as far as complexity.
>
> Any insight is appreciated.
>
> ->Pierre A. Cadieux CISSP
>
> --------------------------------------------------------------------------
> Stop hurting your network!
>
> The NeVO passive vulnerability sensor continuously finds vulnerabilities,
> applications and new hosts without the need for network scanning.
> It also finds compromised systems with application-based intrusion
> detection.
> Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
> --------------------------------------------------------------------------
>
> --------------------------------------------------------------------------
> Stop hurting your network!
>
> The NeVO passive vulnerability sensor continuously finds vulnerabilities,
> applications and new hosts without the need for network scanning.
> It also finds compromised systems with application-based intrusion
> detection.
> Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
> --------------------------------------------------------------------------
>
> --------------------------------------------------------------------------
> Stop hurting your network!
>
> The NeVO passive vulnerability sensor continuously finds vulnerabilities,
> applications and new hosts without the need for network scanning.
> It also finds compromised systems with application-based intrusion detection.
> Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
> --------------------------------------------------------------------------

--------------------------------------------------------------------------
Stop hurting your network!

The NeVO passive vulnerability sensor continuously finds vulnerabilities,
applications and new hosts without the need for network scanning.
It also finds compromised systems with application-based intrusion detection.
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------