RE: NIPS solutions

From: .Bob Bradley (bbradley_at_beadwindow.com)
Date: 04/21/04

  • Next message: Anton A. Chuvakin: "fun piece from Gartner on IDS" 
    To: "Andreas Hess" <hess@tkn.tu-berlin.de>, "focus-ids" <focus-ids@securityfocus.com>
Date: Tue, 20 Apr 2004 20:43:46 -0400

    I know of one solution from Beadwindow that, for high end applications,
    uses a dual Xeon processor based platform.

    bb

    -----Original Message-----
    From: Andreas Hess [mailto:hess@tkn.tu-berlin.de]
    Sent: Tuesday, April 20, 2004 2:14 PM
    To: focus-ids
    Subject: NIPS solutions

    Hi,

    I am interested in NIPS solutions.
    Especially I wonder if either single processor or multiple processor
    machines are used?
    I just explain my point of view. I realized a simple NIPS that is
    running on a linux machine. The intrusion prevention system is running
    as a thread in kernel space. So, each packet that is arriving at the
    network interface triggers an hardware interrupt that is instantly
    processed by the Linux OS. Consequently the intrusion prevention thread
    is interrupted and the higher the traffic load the more often an
    interrupt occurs.
    An IPS solution that is running on a dual or multiple processor machine
    would not suffer under this limitation. But it is a real hassle to get
    useful information from manufacturers.

    Thanks for helping
    Regards
    Andreas

    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------

  • Next message: Anton A. Chuvakin: "fun piece from Gartner on IDS"