[unisog] 10 Gb IDS/IPS and IPv6
michael.holstein at csuohio.edu
Wed Apr 13 21:04:58 GMT 2005
I know some of Endance's DAG cards can do 10gE
(http://www.endace.com/dag4.3GE.htm) and they have a daughter board
(http://www.endace.com/dagCoPro.htm) that can do on-chip (FPGA) pattern
matching (although only at 6.4gbps bidirectional).
...and for gear like that, there are Mastercards.
Mark Newman wrote:
> Does anyone have any information on 10 Gb IDS/IPS that actually works?
> I've read that Snort will support up to 8 Gb but, this has to be
> appliance based.
> I recently sat in on a presentation by a company named MetaNetworks that
> will be selling a 10 Gb card (a beta version will be available in a
> couple of weeks). The card will have up to 604 'embedded' Snort
> signatures (none of which it seems are content based) that are
> configurable via a toolkit. My feeling is that their product is not
> ready for prime time. I saw problems, for one thing, with the way
> fragmentation is handled with this early rendition of their product.
> It seems there is a scramble to get something marketable that will
> support 10 Gb. Has anyone come across anything that looks better than
> promising? Many of the companies I've talked with are targeting the
> later half of FY06 for 10 Gb support. What kinds of problems does anyone
> forsee, besides the obvious, with 10 Gb support?
> Has anyone seen anything in the way of a mature IDS/IPS that will
> accommodate IPv6? Snort has ~some~ capabilities. Where are the
> IDSes/IPSes with complete support for IPv6 (i.e. excluding those that
> just recognize IPv6 traffic) ?
> Mark Newman
> CISSP 67152, GCIA 729
> Information Security Office - Technical Lead
> University of Tennessee - Knoxville
> unisog mailing list
> unisog at lists.sans.org
More information about the unisog