Re: Asymmetric traffic/topology



I do understand and have observed flow-level and packet-level asymmetry in
some complicated networks. How does connection-level asymmetry work?
Do clients make two connections to servers to send or receive the same
data?

Ravi

On Nov 8, 2007 3:06 PM, Jeremy Bennett <jeremy@xxxxxxxxxxx> wrote:
First, there are three types of asymmetry in a network that can cause
problems for some types of IPS devices.

1. Connection-level asymmetry: This is the case where a given TCP
connection (up and down stream) is on a single network path but a
separate, identical connection may follow a different path. This is
very common and can cause problems for behavioral systems.

2. Flow-level asymmetry: This is the case where the upstream and
downstream flows in a TCP connection may follow different paths. This
can cause problems for behavioral systems and stateful packet-
inspection.

3. Packet-level asymmetry: This is the case where packets within a flow
may follow different routes in a network. This can cause problems
for any IPS except the most basic packet filter.

Now in my experience, #1 is very common in medium to large
enterprises that have built for scalability and redundancy. #2 is
common in load-balanced server farms. #3 is not extremely common but
does appear in some instances of a hot-hot redundancy deployment.


-J


On Nov 7, 2007, at 4:42 PM, snort user wrote:

Greetings.

I am sure that most of you know about the asymmetric traffic/topology
problem in relation to IDS/IPS systems.
(By asymmetric traffic/topology, I mean the case where client-to-server
packets traverse a different path in your network than server-to-client
packets, so the IDS/IPS sees only one side of the conversation.)

I am trying to find out how widespread this problem really is.
Is it commonly seen in large / enterprise networks?

Any input is welcome.

Thanks

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
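To make the three cases in Jeremy's reply concrete, here is a small Python model added to this page; it is not code from Ravi, Jeremy or the original poster. Everything in it is constructed for illustration: the 10.0.0.5 / 10.0.1.10 addresses, the sample GET payload, the six-port probe, the alert threshold of 4, and the port-sum bucketing that stands in for a real ECMP 5-tuple hash. It runs a toy stateful TCP tracker and a toy behavioral scan rule over the same packets under a symmetric path, under flow-level asymmetry (#2, the sensor sees only the client-to-server direction) and under connection-level asymmetry (#1, whole connections spread over two paths).

```python
"""Toy model of the three asymmetry cases from the thread and what a
stateful or behavioral sensor sees under each.  All addresses, ports,
payloads and thresholds below are constructed for illustration."""
from collections import defaultdict, namedtuple

# (src ip, dst ip, src port, dst port, TCP flags, payload)
Pkt = namedtuple("Pkt", "src dst sport dport flags payload")

CLIENT, SERVER = "10.0.0.5", "10.0.1.10"       # constructed addresses
ATTACK = b"GET /../../etc/passwd HTTP/1.0"     # constructed sample payload


def flow_key(p):
    """Direction-independent connection key (both directions map to one key)."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a < b else (b, a)


def connection(client, sport, server, dport, payload=b""):
    """Full three-way handshake, optionally followed by one client data segment."""
    pkts = [Pkt(client, server, sport, dport, "S", b""),
            Pkt(server, client, dport, sport, "SA", b""),
            Pkt(client, server, sport, dport, "A", b"")]
    if payload:
        pkts.append(Pkt(client, server, sport, dport, "A", payload))
    return pkts


class StatefulTracker:
    """Minimal stateful inspector: payload is only inspected on connections
    whose handshake the sensor has seen, as a stateful IPS would do."""

    def __init__(self):
        self.state = {}
        self.inspected = []     # payloads that reached signature inspection
        self.uninspected = []   # payloads skipped because the state was unknown

    def feed(self, p):
        k = flow_key(p)
        st = self.state.get(k, "NONE")
        if p.flags == "S" and st == "NONE":
            self.state[k] = "SYN_SENT"
        elif p.flags == "SA" and st == "SYN_SENT":
            self.state[k] = "SYN_RCVD"
        elif p.flags == "A" and st == "SYN_RCVD":
            self.state[k] = "ESTABLISHED"
        elif p.payload:
            (self.inspected if st == "ESTABLISHED" else self.uninspected).append(p.payload)


def track(pkts):
    """Feed a packet list through a fresh tracker and return it."""
    t = StatefulTracker()
    for p in pkts:
        t.feed(p)
    return t


def scan_alerts(pkts, threshold):
    """Behavioral rule: alert on a source that SYNs to >= threshold distinct services."""
    targets = defaultdict(set)
    for p in pkts:
        if p.flags == "S":
            targets[p.src].add((p.dst, p.dport))
    return {src for src, t in targets.items() if len(t) >= threshold}


def one_direction(pkts, src):
    """Flow-level asymmetry (#2): this sensor's path carries only src->* traffic."""
    return [p for p in pkts if p.src == src]


def per_path(pkts, n_paths):
    """Connection-level asymmetry (#1): ECMP-style, each whole connection is pinned
    to one path.  The port sum stands in for a real 5-tuple hash (assumption)."""
    paths = defaultdict(list)
    for p in pkts:
        k = flow_key(p)
        paths[(k[0][1] + k[1][1]) % n_paths].append(p)
    return paths


def run_scenarios():
    r = {}
    attack = connection(CLIENT, 40001, SERVER, 80, ATTACK)

    # Symmetric path: one sensor sees both directions, so the payload is inspected.
    r["symmetric_inspected"] = len(track(attack).inspected)

    # Flow-level asymmetry: the SYN-ACK travels another path, the handshake never
    # completes from this sensor's point of view and the payload is not inspected.
    t = track(one_direction(attack, CLIENT))
    r["flow_asym_inspected"] = len(t.inspected)
    r["flow_asym_uninspected"] = len(t.uninspected)

    # Connection-level asymmetry: a six-port probe (constructed) spread over two paths.
    scan = []
    for i, port in enumerate([21, 22, 23, 25, 80, 443]):
        scan += connection(CLIENT, 40100 + i, SERVER, port)
    r["single_sensor_scan_alert"] = CLIENT in scan_alerts(scan, 4)
    paths = per_path(scan, 2)
    r["split_scan_alert"] = any(CLIENT in scan_alerts(pk, 4) for pk in paths.values())
    # Each connection is still whole on its path, so per-path stateful tracking works.
    r["split_all_established"] = all(s == "ESTABLISHED"
                                     for pk in paths.values()
                                     for s in track(pk).state.values())
    return r


if __name__ == "__main__":
    print(run_scenarios())
```

Running it with python3 prints the dictionary returned by run_scenarios(). Jeremy's point falls out directly: under flow-level asymmetry the stateful tracker never reaches ESTABLISHED and the attack payload goes uninspected, while under connection-level asymmetry every connection is tracked correctly on its own path but the behavioral rule sees three probes per path instead of six and never crosses the threshold of 4.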

