Network Security Focus-IDS

RE: Asymmetric traffic/topology

Subject: RE: Asymmetric traffic/topology
Date: Thu, 8 Nov 2007 13:43:31 -0800

Based on the feedback which we got from our customers on security products,
it appears that this is not uncommon, especially in SME deployments. We
don't see this issue if security devices are deployed at the edge though.
When deployment happens in the core of Enterprise networks, these scenarios
are observed.

Stateful security devices fail in these cases as they don't see all packets
of a session, and due to this they may even drop packets. For example, a
stateful security device drops a SYN+ACK packet if it did not see the SYN
packet before.

Due to customer demand, we had to add 'Bypass security processing'
functionality to bypass packets on configured networks to satisfy these
deployments. Of course the default behavior does not bypass any security
processing.

Srini


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of snort user
Sent: Wednesday, November 07, 2007 4:42 PM
To: focus-ids@securityfocus.com
Subject: Asymmetric traffic/topology

Greetings.

I am sure that most of you know about the asymmetric traffic/topology
problem in relation to IDS/IPS systems.
(By asymmetric traffic/topology, I mean the case where client-to-server
packets traverse a different path in your network compared to
server-to-client packets. Hence the IDS/IPS sees only one side of the
conversation.)

I am trying to find out how wide this problem really is.
Is it commonly seen in large / enterprise networks?

Any input is welcome.

Thanks



Intoto Inc. 
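
The drop behaviour described in the reply above, as an added example that is not part of the original thread and not any vendor's code: a toy TCP handshake tracker is fed the packets a device would see on each path, with and without a bypass list. The class name, state names, bypass parameter and addresses are all constructed for illustration.

```python
import ipaddress

class HandshakeTracker:
    """Toy stateful TCP filter; constructed for illustration only."""

    def __init__(self, bypass_networks=()):
        # Hypothetical bypass list; empty by default, so nothing skips inspection.
        self.bypass = [ipaddress.ip_network(n) for n in bypass_networks]
        self.state = {}  # direction-independent flow key -> last handshake step

    def process(self, src, sport, dst, dport, flags):
        addrs = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
        if any(a in net for a in addrs for net in self.bypass):
            return "bypass"  # forwarded with no state check and no inspection
        key = tuple(sorted([(src, sport), (dst, dport)]))
        seen = self.state.get(key)
        if flags == "S":
            self.state[key] = "SYN"
            return "pass"
        if flags == "SA" and seen == "SYN":
            self.state[key] = "SYNACK"
            return "pass"
        if flags == "A" and seen in ("SYNACK", "EST"):
            self.state[key] = "EST"
            return "pass"
        return "drop"  # packet does not fit any session this device has seen

def verdicts(tracker, packets):
    return [tracker.process(*p) for p in packets]

# Constructed handshake between documentation-range addresses.
CLIENT, SERVER = ("192.0.2.10", 40000), ("198.51.100.20", 443)
SYN = (*CLIENT, *SERVER, "S")
SYNACK = (*SERVER, *CLIENT, "SA")
ACK = (*CLIENT, *SERVER, "A")

def demo():
    return {
        "symmetric": verdicts(HandshakeTracker(), [SYN, SYNACK, ACK]),
        "return_path_only": verdicts(HandshakeTracker(), [SYNACK]),
        "forward_path_only": verdicts(HandshakeTracker(), [SYN, ACK]),
        "bypass_configured": verdicts(
            HandshakeTracker(["198.51.100.0/24"]), [SYNACK]),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```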

