[unisog] 10 Gb IDS/IPS and IPv6

BACHAND, Dave (Info. Tech. Services) BachandD at easternct.edu
Thu Apr 14 13:08:00 GMT 2005

Don't think it's a full IDS, but Foundry's boxes can do S-FLO analysis
at 10GB.  They claim it's the same technology that SNORT uses, so you
might be able to kluge something together. 

Dave Bachand
Data Network Manager
Information Technology Services
Eastern Connecticut State University
83 Windham Street
Willimantic, CT
Tel. (860)465-5376

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Mark Newman
Sent: Monday, April 11, 2005 1:33 PM
To: UNIversity Security Operations Group
Subject: [unisog] 10 Gb IDS/IPS and IPv6

Does anyone have any information on 10 Gb IDS/IPS that actually works?

I've read that Snort will support up to 8 Gb but, this has to be
appliance based.

I recently sat in on a presentation by a company named MetaNetworks that
will be selling a 10 Gb card (a beta version will be available in a
couple of weeks). The card will have up to 604 'embedded' Snort
signatures (none of which it seems are content based) that are
configurable via a toolkit. My feeling is that their product is not
ready for prime time. I saw problems, for one thing, with the way
fragmentation is handled with this early rendition of their product.

It seems there is a scramble to get something marketable that will
support 10 Gb. Has anyone come across anything that looks better than
promising? Many of the companies I've talked with are targeting the
later half of FY06 for 10 Gb support. What kinds of problems does anyone
forsee, besides the obvious, with 10 Gb support?

Has anyone seen anything in the way of a mature IDS/IPS that will
accommodate IPv6? Snort has ~some~ capabilities. Where are the
IDSes/IPSes with complete support for IPv6 (i.e. excluding those that
just recognize IPv6 traffic) ?

Mark Newman
CISSP 67152, GCIA 729
Information Security Office - Technical Lead University of Tennessee -

unisog mailing list
unisog at lists.sans.org

More information about the unisog mailing list