|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dragos Ruiu (dr
kyx.net)Date: Fri Jan 25 2002 - 02:09:32 CST
This 40Mbps number is a potentially dangerous bit of misinformation most
nids vendors exceeded these drop thresholds a ways back.
The drop rate is dependent on a great many things, including the specific
ids software, the cpu speed, memory, nic type, bus type, os, capture
subsystem, rule loading and settings on the ids, etc...
I think you'll find IDSes esily today to go to 600Mbps+ speeds in some
typical scenarios.
Packet drop rate, at it's simplest is defined as the ratio of the number
of packets you should have seen/alerted/munged/whatever to the number
of packets you did get. Measuring this ratio under realistic conditions
is left as an excersize for the reader. (Hint: use a controllable,
accurate traffic source, and examine logs/statistics/whatever on the
receive side carefuly. Don't forget the background load. :-)
cheers,
--dr
-- Requisite Commercial Content and Disclaimers: http://cansecwest.com CanSecWest Network Security Training Conference - Vancouver B.C. - May 1-3 2002 OpenSnort IDS Sensors: http://www.sourcefire.comOn Fri, 25 Jan 2002 07:53:20 +0800 "Ken Pohniman" <kenpohniman
> From what I understand, a NIDS can typically handle up to 40Mbps of traffic > at any one time before starting to drop packets aggresively. An IDS > Balancer, like that from TopLayer Networks, will be required, especially if > you're talking about a GE network. > > Btw, regardless of what tool you use, does anyone knows how to check what is > the packet drop rate on the IDS? > > Thanks! > > -----Original Message----- > From: Chad Gough [mailto:chad131
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]