[unisog] 10 Gb IDS/IPS and IPv6

Mark Newman mnx at utk.edu
Mon Apr 11 17:32:45 GMT 2005


Does anyone have any information on 10 Gb IDS/IPS that actually works?

I've read that Snort will support up to 8 Gb but, this has to be
appliance based.

I recently sat in on a presentation by a company named MetaNetworks that
will be selling a 10 Gb card (a beta version will be available in a
couple of weeks). The card will have up to 604 'embedded' Snort
signatures (none of which it seems are content based) that are
configurable via a toolkit. My feeling is that their product is not
ready for prime time. I saw problems, for one thing, with the way
fragmentation is handled with this early rendition of their product.

It seems there is a scramble to get something marketable that will
support 10 Gb. Has anyone come across anything that looks better than
promising? Many of the companies I've talked with are targeting the
later half of FY06 for 10 Gb support. What kinds of problems does anyone
forsee, besides the obvious, with 10 Gb support?

Has anyone seen anything in the way of a mature IDS/IPS that will
accommodate IPv6? Snort has ~some~ capabilities. Where are the
IDSes/IPSes with complete support for IPv6 (i.e. excluding those that
just recognize IPv6 traffic) ?

Mark Newman
CISSP 67152, GCIA 729
Information Security Office - Technical Lead
University of Tennessee - Knoxville




More information about the unisog mailing list