RE: high speed nids

From: Mike Coliton
Date: 08/03/01

From: "Mike Coliton"
To: "Chris Deibler"
Subject: RE: high speed nids
Date: Fri, 3 Aug 2001 17:00:59 -0400

NSW (now Enterasys) Dragon tested very well at gig speed, and is a very good

-----Original Message-----
From: Chris Deibler
Sent: Friday, August 03, 2001 1:19 PM
Subject: RE: high speed nids

        A rumor shared by many. As it stands, the NetworkICE Gigabit Sentry
is the only realistic choice for giga-speed IDS, and ISS was shrewd to
purchase that ability. As far as the engine is concerned, the NI products
actually mirror the IP stack for decoding and detection, as opposed to
inserting shims into the stack, a technique used by many other IDS vendors.
Part of my company's offerings is the resale of NetworkICE (value added or
straight), and we have been continually impressed with the performance of
the engine. Doesn't match the sheer fun-factor of a rack of snort boxes,
but hey, what does?

Chris Deibler
VigilantMinds, Inc.

-----Original Message-----
From: Mike Johnson
Sent: Friday, August 03, 2001 10:53 AM
Subject: Re: high speed nids

Chris Deibler wrote:
> NetworkICE (now ISS property) has a gigabit-capable sentry offering.
> However, whether this product survives the consolidation is subject to
> conjecture. In any case, I suggest checking it out. I have considerable
> experience with their other sentries, and find them useful.

Rumor has it that this technology is the exact reason that ISS
bought NetworkICE. I'd be willing to bet that it'd survive
the buyout. That's not to say it won't morph into something else,
but ISS doesn't have any way of doing gigabit capable stuff
without either the expensive Toplayer stuff or the tech from


Mike Johnson --
OpenNMS --
Like many things in awk, the majority of the time things
work as you would expect them to work.  -- The GNU Awk User's Guide.