Network Security Focus-IDS
Re: Asymmetric traffic/topology

Subject: Re: Asymmetric traffic/topology
Date: Fri, 9 Nov 2007 06:52:21 -0800
I cannot cite specific marketing or survey data. What I shared was based on my own experience developing networking and security products including working on a commercial IPS product for over 5 years.

-J
On Nov 8, 2007, at 8:37 PM, snort user wrote:

Jeremy,

Do you have any reference for the information that you provided?

Thanks

On Nov 8, 2007 6:06 PM, Jeremy Bennett <jeremy@deities.org> wrote:
First there are three types of asymmetry in a network that can cause
problems for some types of IPS devices.

1. Connection-level asymmetry: This is the case where a given TCP
connection (up and down stream) is on a single network path but a
separate, identical connection may follow a different path. This is
very common and can cause problems for behavioral systems.

2. Flow-level asymmetry: This is the case where the upstream and
downstream flows in a TCP connection may follow different paths. This
can cause problems for behavioral systems and stateful packet-
inspection.

3. Packet-level asymmetry: This is the case where packets within a flow may
be following different routes in a network. This can cause problems
for any IPS except for the most basic packet-filter.

Now in my experience, #1 is very common in medium to large
enterprises that have built for scalability and redundancy. #2 is
common in load-balanced server farms. #3 is not extremely common but
does appear in some instances of a hot-hot redundancy deployment.


-J


On Nov 7, 2007, at 4:42 PM, snort user wrote:

Greetings.

I am sure that most of you know about the asymmetric traffic/topology
problem in relevance to
IDS/IPS systems.
(By asymmetric traffic/topology, I mean the case where client to
server packets traverse a different path
in your network compared to server to client packets. Hence the
IDS/IPS sees only one side of the conversation.)


I am trying to find out how wide this problem really is.
Is it commonly seen in large / enterprise networks?

Any input is welcome.

Thanks

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
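
The three asymmetry types described in this thread, as an added example that is not part of the original messages: a Python sketch that labels each TCP connection from packet observations taken at two monitoring points. The sensor names "A" and "B", the addresses, the label strings and the `classify` function are hypothetical, and the sample observations are constructed.

```python
from collections import defaultdict

# Constructed sample: (path/sensor id, src ip, src port, dst ip, dst port) per packet.
OBSERVATIONS = [
    ("A", "10.0.0.5", 40001, "192.0.2.10", 443),  # both directions on path A
    ("A", "192.0.2.10", 443, "10.0.0.5", 40001),
    ("B", "10.0.0.5", 40002, "192.0.2.10", 443),  # same hosts, but on path B
    ("B", "192.0.2.10", 443, "10.0.0.5", 40002),
    ("A", "10.0.0.6", 40003, "192.0.2.20", 80),   # upstream on A ...
    ("B", "192.0.2.20", 80, "10.0.0.6", 40003),   # ... downstream on B
    ("A", "10.0.0.7", 40004, "192.0.2.30", 25),   # one flow split over A and B
    ("B", "10.0.0.7", 40004, "192.0.2.30", 25),
    ("A", "192.0.2.30", 25, "10.0.0.7", 40004),
    ("A", "10.0.0.8", 40005, "192.0.2.40", 22),   # reverse direction never seen
    ("A", "10.0.0.9", 40006, "192.0.2.50", 443),  # fully symmetric, one path
    ("A", "192.0.2.50", 443, "10.0.0.9", 40006),
]

def classify(observations):
    """Map each connection (sorted endpoint pair) to an asymmetry label."""
    flows = defaultdict(set)  # directed flow -> set of paths it was seen on
    for path, src, sport, dst, dport in observations:
        flows[(src, sport, dst, dport)].add(path)
    conns = defaultdict(list)  # connection -> one path set per direction
    for (src, sport, dst, dport), paths in flows.items():
        conns[tuple(sorted([(src, sport), (dst, dport)]))].append(paths)
    labels, host_paths = {}, defaultdict(set)
    for key, per_dir in conns.items():
        if any(len(p) > 1 for p in per_dir):
            labels[key] = "packet-level"         # type 3: a flow uses several paths
        elif len(set().union(*per_dir)) > 1:
            labels[key] = "flow-level"           # type 2: directions on different paths
        elif len(per_dir) < 2:
            labels[key] = "one-direction-only"   # a sensor is missing the other half
        else:
            labels[key] = "single-path"
            host_paths[(key[0][0], key[1][0])] |= per_dir[0]
    for key, label in labels.items():
        # Type 1: each connection is symmetric, but sibling connections between
        # the same two hosts were carried on different paths.
        if label == "single-path" and len(host_paths[(key[0][0], key[1][0])]) > 1:
            labels[key] = "connection-level"
    return labels

if __name__ == "__main__":
    for conn, label in classify(OBSERVATIONS).items():
        print(conn, label)
```

The "one-direction-only" label covers the situation in the original question, where the sensor sees only one side of the conversation because the return path is not monitored.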

