Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Multi-Processor based solutions

from [Surya Batchu] Network Security [Permanent Link]
Subject: RE: Multi-Processor based solutions
Date: Sat, 25 Mar 2006 19:07:38 -0800 (PST) 
Thank you for the quick answer. Though this approach
works for many deployments, the load balancing may not
be proper i.e some CPUs get overloaded. This
functionality is challenging in multi-functional
devices where some traffic is IPsec'ed and some not.
Also, there may be conflicting requirements such as
overlapping selectors among the traffic anomaly
policies.

In IPsec case, some traffic falling in the traffic
anomaly policy may not go to the same CPU as clear
traffic as IPsec tunnel itself may be owned some other
CPU.

It seems to me that traffic anomaly is at best best
effort in multi-CPU environments.

Any comments...

Surya


--- "Biswas, Proneet" <pbiswas@ipolicynetworks.com>
wrote:


Hi Surya,
  There could be multiple methods of handling these
issues based on the
kind of architecture desired. One of the most common
methods deployed is
some kind of load balancing based on the IP tuple.
Let us say we want to
handle the case of DoS attacks on particular
servers. In this case, you
could direct all packets belonging to a particular
Destination IP to a
particular CPU. The other mechanism could be load
balancing based on
protocols. Say all traffic anomalies related to HTTP
are handled on a
particular CPU. There could be more advanced load
balancing algorithms
too.

Thanks
Proneet.

-----Original Message-----
From: Surya Batchu [mailto:suryak_batchu@yahoo.com] 
Sent: Wednesday, March 22, 2006 7:04 AM
To: focus-ids@securityfocus.com
Subject: Multi-Processor based solutions


I understand signature based detection and
prevention
works fine in Multi processor solutions. Does
anybody
have any experience on  traffic anomaly based
intrusion detection and rate control?  I wonder how 
effective this would be as different connections
belonging to a policy may end up in different CPUs.
   
Surya


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around 
http://mail.yahoo.com 



------------------------------------------------------------------------

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to


http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708


to learn more.


------------------------------------------------------------------------






__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IDS vs. IPS deployment feedback, Cojocea, Mike (IST)
Next by Date:  IPS market 2006 analysis, l_touitou1
Previous by Thread:  RE: Multi-Processor based solutions, Biswas, Proneet
Next by Thread:  System call based IDS for linux?, Nomellames nunca
Indexes:  [Date] [Thread] [Top] [All Lists]