Yes, so have many of us. Lab tests are much different from real world
implementations.
/m
At 11:22 PM 8/6/00 -0400, Carric Dooley wrote:
>I have heard Dragon can do 150-200Mb's.
>
>
>----- Original Message -----
>From: "Aaron Schultz" <[EMAIL PROTECTED]>
>To: "Firewalls LIST" <[EMAIL PROTECTED]>
>Sent: Thursday, August 03, 2000 3:11 PM
>Subject: RE: Intrusion Detection
>
>
> > I've found no product that can do network-based detection for 100+Mb
> > environments. Currently we've decided on host-based IDS as our answer.
> > Both ISS and Axent's products can do similar management of multiple hosts
> > similar to network-based products including the ability to watch single
> > port-scans across multiple hosts, etc. ISS and Axent are also
> > multi-platform.
> >
> > - Aaron Schultz
> > - [EMAIL PROTECTED]
> > ------
> >
> > On Thu, 3 Aug 2000, Johnson, Carl wrote:
> >
> > > Bandwidth is an issue for me. I'm told by Cisco that
> > > NetRanger (or Intrusion Detection System as it is called
> > > now) also cannot monitor more than 100mbs.
> > >
> > > Does anything know of an IDS system that can go over 100mbs?
> > > Perhaps with a gig interface? That is, if adequate monitoring
> > > is even possible with today's hardware at those speeds!
> > >
> > > Thanks!
> > > Carl
> > >
> > > > -----Original Message-----
> > > > From: Aaron Schultz [mailto:[EMAIL PROTECTED]]
> > > > Sent: Thursday, August 03, 2000 10:54 AM
> > > > To: Firewalls LIST
> > > > Subject: Re: Intrusion Detection
> > > >
> > > >
> > > > I wouldn't promote NFR...
> > > >
> > > > They can't monitor much bandwidth...(ie: 100+Mbit)
> > > > When I asked about monitoring any amount of bandwidth they sent me to
> > > > voicemail and I wasn't called back until the sales associate
> > > > decided it
> > > > was time to check to see if I had received answers to my various
> > > > questions. Furthermore, they claim the only way to monitor a decent
> > > > amount of bandwidth is to put multiple NFR devices behind a
> > > > foundry (or
> > > > similar) switch, although they don't have true answers on how
> > > > the machines
> > > > coordinate their data when used seperately like this.
> > > >
> > > > NFR also lists only DESKTOP devices (ie: Compaq PCs) on their
> > > > literature,
> > > > not 1 piece of hardware listed was a decent server platform.
> > > >
> > > > I never made it to their evaluation of their product - I find their
> > > > pre-sales support to be less than adequate. Currently the
> > > > best answers
> > > > for IDS (IMO) are:
> > > > - Internet Security System's products
> > > > - Axent's (now Norton's) product line
> > > > (both have Windows agents)
> > > >
> > > > - Aaron Schultz
> > > > - [EMAIL PROTECTED]
> > > > ------
> > > >
> > > > On Thu, 3 Aug 2000, Fabio Pietrosanti wrote:
> > > >
> > > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > > Hash: SHA1
> > > > >
> > > > > Network Flight Recorder, run only on Unix, but it's the
> > > > BEST and the most
> > > > > difficult to tune in my opinion. It use his N-Code for creating the
> > > > > Backend filter.
> > > > > look here http://www.nfr.net
> > > > >
> > > > > Pietrosanti Fabio I.NET SpA, High Quality Access
> > > > to the Internet
> > > > > e-mail: [EMAIL PROTECTED] ( Direzione Tecnica,
> > > > Gruppo Firewall )
> > > > > [EMAIL PROTECTED]
> > > > > PGP Key (DSS)
> > > http://naif.itapac.net/naif.asc
> > > >
> > > > Home Page URL: http://www.inet.it
> > > > Sede: Via Caldera, 21 20153 Milano
> > > > Tel: 02-409061 Fax: 02-40906303
> > > > --
> > > > Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS
> > > >
> > > >
> > > > On Thu, 3 Aug 2000, Rob Serfozo wrote:
> > > >
> > > > > We are investigating the installation of Intrusion Detection
>software.
> > > > > Wondering if the list had any opinions good or bad towards any
>product.
> > > We
> > > > > are hoping to be able to run on a Windows platform. We are
>currently
> > > using
> > > > > a PIX firewall.
> > > > >
> > > > > Thanks,
> > > > > Rob Serfozo
> > > > >
> > > > > -
> > > > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > > "unsubscribe firewalls" in the body of the message.]
> > > > >
> > > > >
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.0.1 (GNU/Linux)
> > > > Comment: For info see http://www.gnupg.org
> > > > Filter: gpg4pine 4.1 (http://azzie.robotics.net)
> > > >
> > > > iD8DBQE5iZc8dK5I1NnlcMYRArVIAJwLOjB3xWV8dJL8HcC2GN7JnvWBBwCgnN2v
> > > > f/8+3RNhPbhLeFLQ7/hRqzY=
> > > > =eoJG
> > > > -----END PGP SIGNATURE-----
> > > >
> > > > -
> > > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > "unsubscribe firewalls" in the body of the message.]
> > > >
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
