Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Suggestion for IDS

from [Paul Schmehl] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Suggestion for IDS
Date: Wed, 28 Sep 2005 18:15:39 -0500
--On Wednesday, September 28, 2005 17:48:59 +0100 "Paul S. Brown" <pol@geekstuff.tv> wrote:

On Wednesday 28 September 2005 16:56, Michael Holstein wrote: 
> If you NAT a lot, PIX can't handle the load.  It also isn't flexible
> enough.

Huh? .. the FWSM (which is PIX and you can have 4 of them in a chassis)
can handle 100 intefaces, 5gpbs, 100k CPS, and 1M concurrent per blade.

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/

Show me an OpenBSD system that can handle 400 interfaces, 20gbps, and 4M
connections (and can do HSRP, etc).

(I'm not trying to start an open-source "holy war" on a newsgrop .. I
use pf too, where I need the granularity -- just not on the whole
network).


I suspect the argument here has to be cost-for-cost - in the price range
for a  decent beefy OpenBSD box you aren't going to be using FWSMs, and I
can quite  believe that the PIXen in that price range don't perform - the
PIX 501 is  specced at 60MB/s throughput and the cheapest retail price I
can find for it  is $678 for the unlimited license version - for the same
money you can get a  beefy PC which will push quite a bit more than 60MB/s

$678? Ours were in the mid five figure range. You must be talking about SOHO units.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] IDS features (was: Suggestion for IDS), Kevin Pawloski
Next by Date:  Re: [Full-disclosure] Suggestion for IDS, Paul Schmehl
Previous by Thread:  Re: [Full-disclosure] Suggestion for IDS, Valdis . Kletnieks
Next by Thread:  Re: [Full-disclosure] Suggestion for IDS, Michael Holstein
Indexes:  [Date] [Thread] [Top] [All Lists]