Snort mailing list archives

Re: Asymmetric routing and IDS correlation ?

From: Michael Richardson <Michael.Richardson () seawaynetworks com>
Date: Tue, 23 Mar 2004 09:26:04 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Glenn" == Glenn Forbes Fleming Larratt <glratt () io com> writes:

    Glenn> Question 2: [sort of OT for this list] is there a
    Glenn> standards-based way to make two-way loadsharing
    Glenn> "per-conversation", as it were, to obviate this issue?

  Standards based? Not really.

  The NSIS WG may define some ideas, but generally it is proprietary,
or at least, not interesting to outside systems.  Maybe your vendor
can help you - what are the core/border routers running? What is the
speed of the links?

  Generally, most load balancing these days tries to run a hash over
the 5-tuple (src,dst,proto,sport,dport), and balance the has tables. But
that isn't universal, and I know of no system that permits you to
control things enough.

  (You'd want to run the hash on the ingress router as
(dst,src,proto,dport,sport), and have the border use the same
algorithm as the core)

  Linux, with the "eqn" driver doesn't do any of this at all.

- --
]       ON HUMILITY: to err is human. To moo, bovine.                         [
]   Michael Richardson,            Seaway Networks Corporation                [
]   michael () seawaynetworks com     http://www.seawaynetworks.com/             [
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Finger me for keys

iD8DBQFAYEjc22r3dfT9QZERAqSFAJ9ucj0bVmC0lsdh5std6fAshtcmQACffzX4
4fD1Ia0eMZhy8C4VbSsXYlk=
=8vWE
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Asymmetric routing and IDS correlation ? Glenn Forbes Fleming Larratt (Mar 23)
- Re: Asymmetric routing and IDS correlation ? Rich Adamson (Mar 23)
- Re: Asymmetric routing and IDS correlation ? Josh Berry (Mar 23)
  - Re: Asymmetric routing and IDS correlation ? Jason Haar (Mar 23)
- Re: Asymmetric routing and IDS correlation ? Dirk Geschke (Mar 24)
- Re: Asymmetric routing and IDS correlation ? Michael Richardson (Mar 25)
- <Possible follow-ups>
- RE: Asymmetric routing and IDS correlation ? Biswas, Proneet (Mar 23)