RE: IDS causing troubles



We had problem with IPS. It was down at least once a month. When we debug that issue we discovered that the number of session before the down time was huge, CPU - 80-85%. After the long research, the decision was to upgrade the device.
After upgrade the problem gone.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Shang Tsung
Sent: Tuesday, February 01, 2011 11:53 AM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: IDS causing troubles

Hello,

We have the following problem. Now and then, the IDS will cause
disruptions to the network, especially after updates. We have an IBM
(ex ISS) Intrusion Detection System with a few network sensors and
several host sensors. The IDS is not managed by us but we have it
outsourced.

The disruptions mentioned above cause our network engineers extreme
dissatisfaction (and anxiety) about the IDS and they would "burn the
damn thing", if they could. We have 2 - 3 serious issues, causing
downtime, per year.

My questions are:

- Are any of you experience the same issues?
- Is these disruptions common to others or should we seriously
consider replacing the IDS and/or the outsourcing company?
- Could this be an issue with our network infrastructure?

I will appreciate any thoughts.

Thanks,
ST

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194



-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194



Relevant Pages

  • Re: IDS causing troubles
    ... In my first deployment of IPS (vs. IDS) years ago, ... Network admins will blame EVERYTHING on the IDS/IPS because it's ... Securing Your Online Data Transfer with SSL. ... SSL certificates, how they operate and their application. ...
    (Focus-IDS)
  • RE: IDS causing troubles
    ... Subject: IDS causing troubles ... Now and then, the IDS will cause ... disruptions to the network, especially after updates. ... The disruptions mentioned above cause our network engineers extreme ...
    (Focus-IDS)
  • IDS causing troubles
    ... disruptions to the network, especially after updates. ... The IDS is not managed by us but we have it ... The disruptions mentioned above cause our network engineers extreme ... consider replacing the IDS and/or the outsourcing company? ...
    (Focus-IDS)
  • Re: IDS causing troubles
    ... disruptions to the network, especially after updates. ... The IDS is not managed by us but we have it ... The disruptions mentioned above cause our network engineers extreme ... An other problem is the protocol inspection: I assume your IDS runs in IPS ...
    (Focus-IDS)
  • Re: IDS causing troubles
    ... How do you determine that it's the IDS causing this trouble? ... disruptions to the network, especially after updates. ... The disruptions mentioned above cause our network engineers extreme ...
    (Focus-IDS)