IDS mailing list archives

RE: Multi-Processor based solutions

From: "Biswas, Proneet" <pbiswas () ipolicynetworks com>
Date: Thu, 23 Mar 2006 11:19:44 -0800

Hi Surya,
  There could be multiple methods of handling these issues based on the
kind of architecture desired. One of the most common methods deployed is
some kind of load balancing based on the IP tuple. Let us say we want to
handle the case of DoS attacks on particular servers. In this case, you
could direct all packets belonging to a particular Destination IP to a
particular CPU. The other mechanism could be load balancing based on
protocols. Say all traffic anomalies related to HTTP are handled on a
particular CPU. There could be more advanced load balancing algorithms
too.

Thanks
Proneet.

-----Original Message-----
From: Surya Batchu [mailto:suryak_batchu () yahoo com] 
Sent: Wednesday, March 22, 2006 7:04 AM
To: focus-ids () securityfocus com
Subject: Multi-Processor based solutions


I understand signature based detection and prevention
works fine in Multi processor solutions. Does anybody
have any experience on  traffic anomaly based
intrusion detection and rate control?  I wonder how 
effective this would be as different connections
belonging to a policy may end up in different CPUs.
   
Surya


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

Current thread:

Multi-Processor based solutions Surya Batchu (Mar 23)
- <Possible follow-ups>
- RE: Multi-Processor based solutions Biswas, Proneet (Mar 27)
  - RE: Multi-Processor based solutions Surya Batchu (Mar 27)