Snort mailing list archives
Re: Asymmetric routing and IDS correlation ?
From: Michael Richardson <Michael.Richardson () seawaynetworks com>
Date: Tue, 23 Mar 2004 09:26:04 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
"Glenn" == Glenn Forbes Fleming Larratt <glratt () io com> writes:
Glenn> Question 2: [sort of OT for this list] is there a Glenn> standards-based way to make two-way loadsharing Glenn> "per-conversation", as it were, to obviate this issue? Standards based? Not really. The NSIS WG may define some ideas, but generally it is proprietary, or at least, not interesting to outside systems. Maybe your vendor can help you - what are the core/border routers running? What is the speed of the links? Generally, most load balancing these days tries to run a hash over the 5-tuple (src,dst,proto,sport,dport), and balance the has tables. But that isn't universal, and I know of no system that permits you to control things enough. (You'd want to run the hash on the ingress router as (dst,src,proto,dport,sport), and have the border use the same algorithm as the core) Linux, with the "eqn" driver doesn't do any of this at all. - -- ] ON HUMILITY: to err is human. To moo, bovine. [ ] Michael Richardson, Seaway Networks Corporation [ ] michael () seawaynetworks com http://www.seawaynetworks.com/ [ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Finger me for keys iD8DBQFAYEjc22r3dfT9QZERAqSFAJ9ucj0bVmC0lsdh5std6fAshtcmQACffzX4 4fD1Ia0eMZhy8C4VbSsXYlk= =8vWE -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Asymmetric routing and IDS correlation ? Glenn Forbes Fleming Larratt (Mar 23)
- Re: Asymmetric routing and IDS correlation ? Rich Adamson (Mar 23)
- Re: Asymmetric routing and IDS correlation ? Josh Berry (Mar 23)
- Re: Asymmetric routing and IDS correlation ? Jason Haar (Mar 23)
- Re: Asymmetric routing and IDS correlation ? Dirk Geschke (Mar 24)
- Re: Asymmetric routing and IDS correlation ? Michael Richardson (Mar 25)
- <Possible follow-ups>
- RE: Asymmetric routing and IDS correlation ? Biswas, Proneet (Mar 23)