[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Best IDS??
This is straight from the product literature: Performance Summary Monitor 100 Mbps of traffic Approximately 47,000 packets per second, with a new flow arrival rate of 1000 per second > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[email protected]] On > Behalf Of Nick Turnbull > Sent: Friday, November 30, 2001 11:37 AM > To: [email protected] > Subject: Re: [FW-1] Best IDS?? > > > Product Lit for CSIDS Blade for Catalyst 6000! > > http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/ > 6kids_ds.pdf > > -----Original Message----- > From: Carl E. Mankinen [mailto:[email protected]] > Sent: 30, November, 2001 16:22 > To: [email protected] > Subject: Re: [FW-1] Best IDS?? > > > Hardly!, my understanding was that you had to run multiple > IDS blades to > even approach the backplane capacity. > Do you realize the Cisco IDS blade has a maximum of 100Mbps traffic it > can monitor? It uses SPAN and or VLAN monitoring, and last I saw you > couldn't put 30 blades in a 6500 chassis! Was NETRANGER ever a best of > breed product? > > Read this: > http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/ > 6kids_ds.h > tm > > As far as RealSecure bandwidth problems, I never encountered these. > (provided the sensor was a beefy box) > For raw packet decode, tying an NAI DSS Sniffer to RS events works > nicely! I would rather use the sniffer interface anyway. > > Has anyone tested IDS solutions at gigabit speeds and have > any realworld > experience to report? > > > -----Original Message----- > > From: Mailing list for discussion of Firewall-1 > > [mailto:[email protected]] On > > Behalf Of Charles Piombi > > Sent: Friday, November 30, 2001 9:56 AM > > To: [email protected] > > Subject: Re: [FW-1] Best IDS?? > > > > > > The best IDS would be Cisco's IDS blades for there 6500 > series switch > > they are non-intrusive and can handle 30 Gig's on the back > plane much > > higher than any other IDS system and you can set it up via vlans for > > internal and external traffic. > > > > That's my two cents! > > > > Thanks Charles Piombi > > > > > > > > -----Original Message----- > > From: Mailing list for discussion of Firewall-1 > > [mailto:[email protected]] On > > Behalf Of Enno > > Rey > > Sent: Thursday, November 29, 2001 1:51 PM > > To: [email protected] > > Subject: Re: [FW-1] Best IDS?? > > > > Hi, > > > > don't take RealSecure. They (still) have bandwidth issues, you can't > > write > > your own signatures [which is rather critical for an IDS] and > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > > > ______________________________________________________________ > _________________ > Disclaimer > > This email is confidential and intended solely for the use of > the individual to > whom it is addressed. Any views or opinions presented are > solely those of the > author and do not necessarily represent those of the Azlan > Group plc. If you > are not the intended recipient, be advised that you have > received this email in > error and that any use, dissemination, forwarding, printing, > or copying of this > email is strictly prohibited. > > If you have received this email in error please notify the > Azlan Group MIS > Helpdesk by telephone on 44 (0). > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|