RE: IDS/IPS system with Foundry sFlow



I believe sFlow will only forward sampled data, not all packets.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Martin Roesch
Sent: April 22, 2008 2:19 PM
To: Security Group
Cc: focus-ids@xxxxxxxxxxxxxxxxx
Subject: Re: IDS/IPS system with Foundry sFlow

When you say "with sFlow" do you mean analyze the sFlow records or
analyze the packets on the wire and correlate it with the sFlow data?

--
Sent from my iPhone

On Apr 21, 2008, at 3:42 PM, "Security Group" <secgro@xxxxxxxxx> wrote:

Hello,

We have got a network with embedded support for sFlow technology.
We also want to have a good IDS/IPS system. Does anyone know a good
setup with our Foundry?

We noticed that Foundry has their own application called "IronView
Network Manager"; it is able to operate with Snort. Does anyone know
if this is a good solution? Or should we use an sFlow converter (e.g.
InMon sFlow toolkit) that can work with Snort?

What are the other possibilities for IDS/IPS besides Snort? It has to
operate with the sFlow technology.

Kind regards,

Babel Timo

---------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
---------------------------------------------------------------------

