Firewall Wizards mailing list archives

Re: future of IDS


From: Vern Paxson <vern () ee lbl gov>
Date: Fri, 16 Oct 1998 23:39:50 PDT

> If you have a switch with 24 ports for 100BaseT, can you then push 1.2Gb/s
> through it?

I believe you can push 1.2 Gb/s through it.  Doubtless someone on the
list knows for sure.

> if you have a single 100BaseT monitor port, either the throughput for the
> entire switch is 100BaseT (serious reduction in performance) or you lose
> packets on the monitor port.

Yep.  Don't know if there are switches with higher speed taps.

> > (3) get the end hosts to chip in and function as IDS sensors.

> Similar to the recent COAST project announcement for AAFID?

Exactly.

> In environments where high speed networking is in place (HIPPI, ATM, FDDI)
> I think a combination of network based and host based is going to be
> necessary.

It's also the way to address the IDS insertion/evasion attacks discussed
in the SNI paper (and a tad in the Bro paper).

                Vern
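The monitor-port bottleneck discussed above, as an added example that is not part of the original message or of any of the projects it mentions: a small Python capacity model of a 24-port 100BaseT switch whose traffic is mirrored to one 100BaseT monitor port. The switch, port numbers, flow rates and the assumption that mirroring copies each frame once on the port where it enters the switch (ingress mirroring) are all constructed for illustration; the model only does what the text describes, namely show how much of the switched traffic a single monitor port can actually deliver to an IDS.

```python
"""Capacity model: mirroring a switched 100BaseT LAN to a single monitor port.

Constructed illustration (not code from the Firewall Wizards thread).
Assumptions: every port is 100 Mb/s per direction, and mirroring copies each
frame once, on the port where it enters the switch (ingress mirroring).
"""
from dataclasses import dataclass

LINK_MBPS = 100.0  # 100BaseT: 100 Mb/s in each direction


@dataclass(frozen=True)
class Flow:
    src_port: int   # port the traffic enters the switch on
    dst_port: int   # port the switch forwards it out of
    mbps: float     # one-way rate of this flow


def per_port_load(flows):
    """Return {port: (ingress_mbps, egress_mbps)} summed over all flows."""
    load = {}
    for f in flows:
        i, e = load.get(f.src_port, (0.0, 0.0))
        load[f.src_port] = (i + f.mbps, e)
        i, e = load.get(f.dst_port, (0.0, 0.0))
        load[f.dst_port] = (i, e + f.mbps)
    return load


def check_feasible(flows, link_mbps=LINK_MBPS):
    """Ports whose ingress or egress exceeds the link rate (a traffic matrix
    that violates this cannot exist, whatever the switch fabric can do)."""
    return sorted(p for p, (i, e) in per_port_load(flows).items()
                  if i > link_mbps or e > link_mbps)


def switched_throughput(flows):
    """Aggregate traffic crossing the switch fabric, each frame counted once."""
    return sum(f.mbps for f in flows)


def mirror_load(flows, mirrored_ports):
    """Traffic offered to the monitor port: each frame entering the switch on
    a mirrored port is copied once (ingress mirroring)."""
    return sum(f.mbps for f in flows if f.src_port in mirrored_ports)


def mirror_coverage(flows, mirrored_ports, monitor_mbps=LINK_MBPS):
    """Fraction of the mirrored traffic that fits out of the monitor port.
    Everything above that is dropped by the switch before the IDS sees it."""
    load = mirror_load(flows, mirrored_ports)
    return 1.0 if load == 0 else min(1.0, monitor_mbps / load)


def lan_scenario(n_ports=24, per_pair_mbps=100.0, duplex=False):
    """Constructed traffic matrix: hosts on ports (1,2), (3,4), ... talk in
    pairs.  Half duplex: the pair shares per_pair_mbps between the two
    directions.  Full duplex: each direction carries per_pair_mbps."""
    rate = per_pair_mbps if duplex else per_pair_mbps / 2
    flows = []
    for p in range(1, n_ports, 2):
        flows.append(Flow(p, p + 1, rate))
        flows.append(Flow(p + 1, p, rate))
    return flows


if __name__ == "__main__":
    half = lan_scenario()
    full = lan_scenario(duplex=True)
    everything = set(range(1, 25))
    print("infeasible ports (half duplex):", check_feasible(half))
    print("switched, half duplex: %.0f Mb/s" % switched_throughput(half))
    print("switched, full duplex: %.0f Mb/s" % switched_throughput(full))
    print("monitor one pair, half duplex: %.2f of traffic seen"
          % mirror_coverage(half, {1, 2}))
    print("monitor one pair, full duplex: %.2f of traffic seen"
          % mirror_coverage(full, {1, 2}))
    print("monitor whole switch, half duplex: %.3f of traffic seen"
          % mirror_coverage(half, everything))
```

Two things the numbers make concrete: mirroring the whole switch into one 100BaseT port delivers about one twelfth of the traffic in the half-duplex case (and the loss is silent, so the IDS sees gaps in streams rather than an error), and even a single full-duplex 100BaseT conversation offers 200 Mb/s to a 100 Mb/s monitor port, so it loses half of that one link. That is the arithmetic behind moving sensing onto the end hosts, each of which only has to keep up with its own link.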
