Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: challenges in capturing Gigabit ethernet

from [Rodrigo Barbosa] Network Security [Permanent Link]
Subject: Re: challenges in capturing Gigabit ethernet
Date: Wed, 28 Dec 2005 00:23:38 -0200 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Dec 23, 2005 at 01:28:19PM +0530, Siddharth Phadnis wrote:

Vendors have long been talking about gigabit ethernet capabilities of
their IDS/IPS. It got me thinking that is it just a simple matter of
installing a gigabit ethernet card in the appliance and capturing the
packets or is there any specialized hardware which is required.

In effect, what all challenges are involved in capturing packets off a
gigabit ethernet network so that packets do not drop. Does it just
involve the hardware or are there some considerations in software too?


Both or either, really.

The main point is the amount of data to be analysed. If we are talking
about an applicance that will only allow the traffic to get past
it after it checks ok, then the problem escalates.

In theory, the problem can be either solved by hardware or software,
or even a mix of both. It involves both cases where a packet drops
or even higher latencies.

The natural advance on hardware is not enough to hold traffic
increase in check, since the number of analysis that need to be
done are also increasing.

This is a simple comment from someone who is not an IDS/IPS expert,
but should cover the heart of the issue. I'm sure someone more
knowledgle will explain it in more details and, most likely,
correct some of my points.

Best Regards,

- -- 
Rodrigo Barbosa <rodrigob@suespammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDsfcppdyWzQ5b5ckRAl7EAJ0e0SsoJ+j3UPm9/ckW48xNGNPEUACeMNMh
e9jotAs9BKCDdSK0nCROl0Y=
=xVUe
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Tuning false positives, Gary Halleen (ghalleen)
Next by Date:  RE: Tuning false positives, Hazel, Scott A.
Previous by Thread:  Re: challenges in capturing Gigabit ethernet, Mike
Next by Thread:  Re: challenges in capturing Gigabit ethernet, hank . schupp
Indexes:  [Date] [Thread] [Top] [All Lists]