IDS mailing list archives

Re: IPS Reliability/Availability

From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 20 Feb 2006 11:46:14 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And as I said, it's not solely up to me to make happen but I'd liketo get some independent verification out there myself to give peopleverification of our performance testing. People are rightfullyskeptical in this hype-driven industry, nothing proves a point like a3rd party test and Sourcefire has always been successful at backingup our claims.


     -Marty

On Feb 20, 2006, at 9:47 AM, Alan Shimel wrote:

Marty with all due respect, I would like to see the 3rd partyresults with

real world traffic to prove the bandwidth claims in full IPS mode

alan


StillSecure
Alan Shimel
Chief Strategy Officer

O 303.381.3815
C 516.857.7409
F 303.381.3881
email ashimel () stillsecure com
blog http://ashimmy.typepad.com

www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com]
Sent: Sunday, February 19, 2006 11:29 PM
To: ashimel () stillsecure com

Cc: 'David Williams'; geek_brigades () yahoo com; focus-ids () securityfocus com;

'Rajat Bhargava'
Subject: Re: IPS Reliability/Availability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Feb 19, 2006, at 7:40 PM, Alan Shimel wrote:

Marty

Correct me if I am wrong, but that is on the bivio box correct?


Yes, we're OEM'ing the Bivio chassis.

Interestingly our tests on this platform were well below the
advertised
rates.  Are you planning any 3rd party testing of it?


I'm not sure what performance numbers you're referring to but I won't
speculate.  Much like Snort, you can't just take a stock build and
put it on a system and expect it to achieve maximum performance, we
have significant engineering resources available and a close
relationship with the manufacturer to get our application performance
where we want it to be.  We've managed to achieve the maximum
performance available with the chassis as it's configured today
subject to max bandwidth available with the backplane architecture.

There is an update that will be available RSN that will increase the
throughput of the backplane as well as adding some other performance
features to the chassis.  For existing customers it'll be a firmware
upgrade (back to the investment protection thing) and I think
everyone who has one will like the results.

As for 3rd party testing, we typically participate in those sorts of
tests but its subject to the Sourcefire marketing team's bandwidth
and our production schedule.  We also have an extensive multi-gigabit
testing environment in our labs and have tested the chassis
extensively, from what I understand many of our customers and
prospects consider our performance claims across our product lines to
be rather conservative but you can take that with the appropriate
amount of salt.

     -Marty

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD+UWcqj0FAQQ3KOARAqURAJsE/1/fBmE/ZSvLWnydvvRigYtgNQCfU8Iq
+lpXCbh2H0eTGliGLAa2PGA=
=rrKo
-----END PGP SIGNATURE-----


- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD+fJWqj0FAQQ3KOARAjkfAJ47LWaVOtRji6GqySDgDyEj1HpzOACbBlhK
GlSg1M3jpWlE8QJAJPHE8yI=
=FRKV
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing itwith real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.

------------------------------------------------------------------------

Current thread:

Re: IPS Reliability/Availability, (continued)
- Re: IPS Reliability/Availability FinAckSyn (Feb 07)
  - Re: IPS Reliability/Availability Richard Bejtlich (Feb 21)
- RE: IPS Reliability/Availability CraigPaterson (Feb 06)
- RE: IPS Reliability/Availability Andrew Plato (Feb 07)
  - Re: IPS Reliability/Availability David Williams (Feb 13)
    - Re: IPS Reliability/Availability Bob Walder (Feb 13)
    - Re: IPS Reliability/Availability Martin Roesch (Feb 19)
    - RE: IPS Reliability/Availability Alan Shimel (Feb 21)
    - Re: IPS Reliability/Availability Martin Roesch (Feb 21)
    - RE: IPS Reliability/Availability Alan Shimel (Feb 21)
    - Re: IPS Reliability/Availability Martin Roesch (Feb 21)
    - Re: IPS Reliability/Availability Bob Walder (Feb 22)
    - Re: IPS Reliability/Availability Sap . (Feb 24)
    - Re: IPS Reliability/Availability Bob Walder (Feb 24)
    - Re: IPS Reliability/Availability Gwendolynn ferch Elydyr (Feb 26)
    - RE: IPS Reliability/Availability Mike Barkett (Feb 19)
    - RE: IPS Reliability/Availability Alan Shimel (Feb 21)
    - Re: IPS Reliability/Availability Bob Walder (Feb 22)
    - Re: IPS Reliability/Availability David W. Goodrum (Feb 19)
    - Re: IPS Reliability/Availability Mike Smith (Feb 22)
  - Re: IPS Reliability/Availability Martin Roesch (Feb 19)

(Thread continues...)