IDS mailing list archives
Re: 10Gbps IPS - what you need to know
From: Joel M Snyder <Joel.Snyder () Opus1 COM>
Date: Thu, 05 Mar 2009 10:17:08 -0700
Silence is enforcing the points made in earlier email that IPS devices skip Intrusion analysis upon very small load on the system. I was hoping that somebody is going to speak out and prove otherwise.
Actually, this is a 'new' feature for many IPses. For example, Sourcefire didn't have it as recently as a year ago (although they do now in a particularly elegant manner).
The Juniper SRX 5800 IPS we just tested last week did NOT pass packets through un-inspected at high loads, and I don't believe that the SRX even has that capability. If the IPS is loaded, the whole system slows down.
http://www.networkworld.com/reviews/2009/022309-juniper-firewall-test.html
I am not totally sure, but I suspect that the IPS-1 (Check Point/NFR) that I tested last year is the same: when it's burdened, packets slow down, not pass through.
jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One
Phone: +1 520 324 0494
jms () Opus1 COM
http://www.opus1.com/jms