[unisog] 10 Gb IDS/IPS and IPv6 - more

Mark Newman mnx at utk.edu
Fri Apr 15 14:31:57 GMT 2005


I want to correct my posting about MetaNetworks' 10gb solution.

The ~600 signatures on the card are stateful ~and~ content based at 10gb
(full duplex). I misunderstood the capabilities of this card.

It seems that none of the major companies are willing to risk anything
by offering a 10gb solution at this time. I've heard estimates of 12-18+
months before anything will be available. We are going to 10gb in our
core sooner that...I can understand some of the dynamics of why nothing
is available but, the cart has again gotten in front of the horse - i.e.
we have technology and there are no good security solutions for it -
perhaps this is just the natural evolution of things yet it is
frustrating

Even though MetaNetworks http://www.metanetworks.org is a small company,
they at least offer a solution. Most everything else right now seems to
be a kludge.

I'm requesting a evaluation of MetaNetworks' 10gb card to be used in our
test lab. Will let you know how it goes.

Mark Newman
CISSP 67152, GCIA 729
University of Tennessee
Information Security Office
mnx at utk.edu
865.974.2032

On Mon, 2005-04-11 at 13:32, Mark Newman wrote:
> Does anyone have any information on 10 Gb IDS/IPS that actually works?
> 
> I've read that Snort will support up to 8 Gb but, this has to be
> appliance based.
> 
> I recently sat in on a presentation by a company named MetaNetworks that
> will be selling a 10 Gb card (a beta version will be available in a
> couple of weeks). The card will have up to 604 'embedded' Snort
> signatures (none of which it seems are content based) that are
> configurable via a toolkit. My feeling is that their product is not
> ready for prime time. I saw problems, for one thing, with the way
> fragmentation is handled with this early rendition of their product.
> 
> It seems there is a scramble to get something marketable that will
> support 10 Gb. Has anyone come across anything that looks better than
> promising? Many of the companies I've talked with are targeting the
> later half of FY06 for 10 Gb support. What kinds of problems does anyone
> forsee, besides the obvious, with 10 Gb support?
> 
> Has anyone seen anything in the way of a mature IDS/IPS that will
> accommodate IPv6? Snort has ~some~ capabilities. Where are the
> IDSes/IPSes with complete support for IPv6 (i.e. excluding those that
> just recognize IPv6 traffic) ?
> 
> Mark Newman
> CISSP 67152, GCIA 729
> Information Security Office - Technical Lead
> University of Tennessee - Knoxville
> 
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog



More information about the unisog mailing list