IDS mailing list archives

Re: challenges in capturing Gigabit ethernet


From: Mike <mike () jeke fdns net>
Date: Wed, 28 Dec 2005 12:42:41 -0500 (EST)

just to wrap some numbers around that, the worst case scenario for packets 
per second on gigabit ethernet is around 3 million for a full-duplex link 
(2,976,190 per second to be exact). 
it is difficult to just get those packets to your application, much less 
inspect all of them for attacks.

efficient algorithms are essential, you need to very quickly categorize a 
packet early on in the inspection so that you only do the necessary deep 
analysis. (an over-simplified example would be that you categorize by ports 
so that you are not looking for IIS exploits in an SMTP session)


Mike


On Wed, 28 Dec 2005, Sanjay Rawat wrote:

It's not only installing GB NIC. An IDS/IPS must be capable of processing 
the packet at that speed. For this purpose, it makes use of HW 
accelerators, efficient algorithms and data structures.
I hope you have some idea now.
regards
-Sanjay

At 01:28 PM 12/23/2005, Siddharth Phadnis wrote:
Hi All,

Vendors have long been talking about gigabit ethernet capabilities of
their IDS/IPS. It got me thinking that is it just a simple matter of
installing a gigabit ethernet card in the appliance and capturing the
packets or is there any specialized hardware which is required.

In effect, what all challenges are involved in capturing packets off a
gigabit ethernet network so that packets do not drop. Does it just
involve the hardware or are there some considerations in software too?

Regards,
Siddharth



Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 422
Website : www.intoto.com
   Homepage: http://sanjay-rawat.tripod.com






------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
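
Added example, not part of the original posts: a Python sketch of the two points in Mike's reply, the worst-case packet rate on full-duplex gigabit Ethernet and early categorization by port so that only the relevant signatures are searched. It assumes minimum 64-byte frames with 20 bytes of preamble and inter-frame gap on the wire; the function names, rule groups and placeholder patterns are constructed for illustration.

```python
import struct

MIN_FRAME = 64       # minimum Ethernet frame in bytes, FCS included
WIRE_OVERHEAD = 20   # preamble + SFD (8) and inter-frame gap (12)

def worst_case_pps(link_bps=1_000_000_000, directions=2):
    """Back-to-back minimum-size frames, summed over both directions."""
    return directions * link_bps // ((MIN_FRAME + WIRE_OVERHEAD) * 8)

def budget_ns(pps):
    """Average time available per packet if none are to be dropped."""
    return 1e9 / pps

# Constructed rule groups keyed by TCP destination port (placeholder patterns).
RULE_GROUPS = {
    80: [b"HTTP-SIG-A", b"HTTP-SIG-B", b"HTTP-SIG-C"],
    25: [b"SMTP-SIG-A", b"SMTP-SIG-B"],
}

def classify(pkt):
    """Return (dst_port, payload) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    dst_port = struct.unpack_from("!H", pkt, ihl + 2)[0]
    data_off = (pkt[ihl + 12] >> 4) * 4
    if data_off < 20:
        return None
    return dst_port, pkt[ihl + data_off:]

def inspect(pkt):
    """Return (matched patterns, number of patterns searched)."""
    hit = classify(pkt)
    if hit is None:
        return [], 0
    port, payload = hit
    rules = RULE_GROUPS.get(port, [])  # cheap lookup decides the deep work
    return [p for p in rules if p in payload], len(rules)

def make_packet(dst_port, payload):
    """Constructed IPv4/TCP packet, minimal headers, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload
```

At the worst-case rate the average budget is about 336 ns per packet, which is why the port lookup has to come before any pattern search.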


