IDS mailing list archives

Re: 10Gbps IPS - what you need to know


From: Joel M Snyder <Joel.Snyder () Opus1 COM>
Date: Thu, 05 Mar 2009 10:17:08 -0700

Silence is enforcing the points made in earlier email that IPS devices
skip Intrusion analysis upon very small load on the system.  I was
hoping that somebody is going to speak out and prove otherwise.

Actually, this is a 'new' feature for many IPSes. For example, Sourcefire didn't have it as recently as a year ago (although they do now in a particularly elegant manner).

The Juniper SRX 5800 IPS we just tested last week did NOT pass packets through un-inspected at high loads, and I don't believe that the SRX even has that capability. If the IPS is loaded, the whole system slows down.
http://www.networkworld.com/reviews/2009/022309-juniper-firewall-test.html

I am not totally sure, but I suspect that the IPS-1 (Check Point/NFR) that I tested last year is the same: when it's burdened, packets slow down, not pass through.


jms


--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One       Phone: +1 520 324 0494
jms () Opus1 COM                http://www.opus1.com/jms


