On Fri, 25 Jan 2002, Ken Pohniman wrote:

> Seems that at 60Mbps throughput, the NIDS packet drop rate is about
> 50%. My questions is - at what drop rate can an IDS afford to
> experience before becoming totally 'useless'? Can the IDS still detect
> a particular attack if it drops just 1 of the packet? This is my
> biggest question actually. Thanks!

are you doing any tuning (buffer sizes, options) of your NIDS?

a fair NIDS can make a match even with a few dropped packets here and
there. relying on seeing that one packet for a match is relying on too
much luck and possibly making a decision based on too little evidence.

____________________________
jose nazario josecwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]