NIPS solutions
From: Andreas Hess (hess_at_tkn.tu-berlin.de)
Date: 04/20/04
- Previous message: christian graf: "Re: NIPS Vendors explicit answer"
- Next in thread: Mike Frantzen: "Re: NIPS solutions"
- Reply: Mike Frantzen: "Re: NIPS solutions"
- Reply: .Bob Bradley: "RE: NIPS solutions"
- Reply: Anton A. Chuvakin: "fun piece from Gartner on IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 20 Apr 2004 20:13:54 +0200 To: focus-ids <focus-ids@securityfocus.com>
Hi,
I am interested in NIPS solutions.
Especially I wonder if either single processor or multiple processor
machines are used?
I just explain my point of view. I realized a simple NIPS that is
running on a linux machine. The intrusion prevention system is running
as a thread in kernel space. So, each packet that is arriving at the
network interface triggers an hardware interrupt that is instantly
processed by the Linux OS. Consequently the intrusion prevention thread
is interrupted and the higher the traffic load the more often an
interrupt occurs.
An IPS solution that is running on a dual or multiple processor machine
would not suffer under this limitation. But it is a real hassle to get
useful information from manufacturers.
Thanks for helping
Regards
Andreas
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: christian graf: "Re: NIPS Vendors explicit answer"
- Next in thread: Mike Frantzen: "Re: NIPS solutions"
- Reply: Mike Frantzen: "Re: NIPS solutions"
- Reply: .Bob Bradley: "RE: NIPS solutions"
- Reply: Anton A. Chuvakin: "fun piece from Gartner on IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
