Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: challenges in capturing Gigabit ethernet

from [Mike] Network Security [Permanent Link]
Subject: Re: challenges in capturing Gigabit ethernet
Date: Wed, 28 Dec 2005 12:42:41 -0500 (EST) 
just to wrap some numbers around that, the worst case scenario for packets 
per second on gigabit ethernet is around 3 million for a full-duplex link 
(2,976,190 per second to be exact). 
it is difficult to just get those packets to your application, much less 
inspect all of them for attacks.

efficent algorithms are essential, you need to very quickly catagorize a 
packet early on in the inspection so that you only do the necissary deep 
analysis. (a over-simplified example would be that you catagorize by ports 
so that you are not looking for IIS exploits in a SMTP session)


Mike


On Wed, 28 Dec 2005, Sanjay Rawat wrote:


Its not only installing GB NIC. An IDS/IPS must be capable of processing 
the packet at that speed. For this purpose, it makes use of HW 
accelerators, efficient algorithms and data structures.
I hope you have some idea now.
regards
-Sanjay

At 01:28 PM 12/23/2005, Siddharth Phadnis wrote:

Hi All,

Vendors have long been talking about gigabit ethernet capabilities of
their IDS/IPS. It got me thinking that is it just a simple matter of
installing a gigabit ethernet card in the appliance and capturing the
packets or is there any specialized hardware which is required.

In effect, what all challenges are involved in capturing packets off a
gigabit ethernet network so that packets do not drop. Does it just
involve the hardware or are there some considerations in software too?

Regards,
Siddharth




Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 422
Website : www.intoto.com
   Homepage: http://sanjay-rawat.tripod.com






------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: on TASL correlation rules, Augusto Paes de Barros
Next by Date:  RE: Tuning false positives (Nessus in CS-MARS), rgula@tenablesecurity.com
Previous by Thread:  Re: challenges in capturing Gigabit ethernet, Sanjay Rawat
Next by Thread:  Re: challenges in capturing Gigabit ethernet, Rodrigo Barbosa
Indexes:  [Date] [Thread] [Top] [All Lists]