IDS mailing list archives

Re: challenges in capturing Gigabit ethernet

From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Wed, 28 Dec 2005 00:23:38 -0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Dec 23, 2005 at 01:28:19PM +0530, Siddharth Phadnis wrote:

Vendors have long been talking about gigabit ethernet capabilities of
their IDS/IPS. It got me thinking that is it just a simple matter of
installing a gigabit ethernet card in the appliance and capturing the
packets or is there any specialized hardware which is required.

In effect, what all challenges are involved in capturing packets off a
gigabit ethernet network so that packets do not drop. Does it just
involve the hardware or are there some considerations in software too?


Both or either, really.

The main point is the amount of data to be analysed. If we are talking
about an applicance that will only allow the traffic to get past
it after it checks ok, then the problem escalates.

In theory, the problem can be either solved by hardware or software,
or even a mix of both. It involves both cases where a packet drops
or even higher latencies.

The natural advance on hardware is not enough to hold traffic
increase in check, since the number of analysis that need to be
done are also increasing.

This is a simple comment from someone who is not an IDS/IPS expert,
but should cover the heart of the issue. I'm sure someone more
knowledgle will explain it in more details and, most likely,
correct some of my points.

Best Regards,

- -- 
Rodrigo Barbosa <rodrigob () suespammers org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDsfcppdyWzQ5b5ckRAl7EAJ0e0SsoJ+j3UPm9/ckW48xNGNPEUACeMNMh
e9jotAs9BKCDdSK0nCROl0Y=
=xVUe
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------

Current thread:

challenges in capturing Gigabit ethernet Siddharth Phadnis (Dec 27)
- Re: challenges in capturing Gigabit ethernet Sanjay Rawat (Dec 27)
  - Re: challenges in capturing Gigabit ethernet Mike (Dec 28)
- Re: challenges in capturing Gigabit ethernet Rodrigo Barbosa (Dec 27)
- <Possible follow-ups>
- Re: challenges in capturing Gigabit ethernet hank . schupp (Dec 27)