IDS mailing list archives
Re: IDS and Bandwidth
From: Fergus Brooks <fergwa () gmail com>
Date: Tue, 5 Jul 2005 16:35:57 +0800
Is it possible for you to find out how much the mean traffic is coming to the central node from the various distributed nodes? What flavour of IDS are you using, and on what platform? On 7/5/05, Tony Rall <trall () almaden ibm com> wrote:
On Tuesday, 2005-07-05 at 03:46 GMT, bhaskar.gupta () tcs com wrote:I am working as an IDS operator in my company. Due to big size of the organisation, different IDS nodes are monitoring different centersthrough acentral master node. Since there are lot of incidents ( including false positives ) generated across the organsation, there is a complaint fromournetworking team that IDS is consuming lot of bandwidth over networking I am really not able to figure out how much IDS can eat up networkbandwidth. If you were mirroring all traffic to a central IDS for analysis, that could easily consume all available bandwidth. If you are only forwarding detected positives to the central site, that should normally be less than 1% of the monitored traffic on individual remote links. Only if you had extremely many remote links or relatively low bandwidth into your central site should this result in a significant load on the central links. Tony Rall -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IDS and Bandwidth bhaskar . gupta (Jul 04)
- Re: IDS and Bandwidth Tony Rall (Jul 05)
- Re: IDS and Bandwidth Fergus Brooks (Jul 05)
- Re: IDS and Bandwidth Michael Boman (Jul 05)
- Re: IDS and Bandwidth David W. Goodrum (Jul 05)
- Re: IDS and Bandwidth Mayank Bhatnagar (Jul 05)
- Re: IDS and Bandwidth Mark Teicher (Jul 05)
- <Possible follow-ups>
- RE: IDS and Bandwidth PPowenski (Jul 05)
- RE: IDS and Bandwidth MailTest (Jul 12)
- RE: IDS and Bandwidth THolman (Jul 13)
- RE: IDS and Bandwidth Nathan Davidson (Jul 15)
- RE: IDS and Bandwidth Michael Allgeier (Jul 17)
- Re: IDS and Bandwidth Tony Rall (Jul 05)