Asymmetric communication is not generally preferred, but it is also not entirely uncommon on today's networks. Most of the experience I've had with this type of configuration relates to Internet multi-homing. For example, if a network pads their BGP prefix list to force communication to come in through one provider but outbound traffic is allowed to take the best path, a situation will exist where incoming traffic will take one path across the Internet but the return traffic to some hosts will take another.

You also have to figure that, with the dynamic nature of modern networks (including the Internet), asymmetric routing will occasionally pop up and disappear depending on the decisions made by the specific routing protocols. The only way to completely avoid this is through static routes.

As far as purposely creating an asymmetric configuration on a corporate network, I have never had a reason to do so, but I suppose there could be some situations where it might be necessary or useful.

From a network intrusion detection/prevention perspective, there is most likely a point closer to the system/network you're trying to monitor where there is no asymmetry. For example, there is only one possible path at a time on an Ethernet network.

Of course, all of this is fairly generic. Can you give more specific information?

--
Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of snort user
Sent: Wednesday, November 07, 2007 4:42 PM
To: [email protected]
Subject: Asymmetric traffic/topology

Greetings.

I am sure that most of you know about the asymmetric traffic/topology problem in relevance to IDS/IPS systems. (By asymmetric traffic/topology, I mean the case where client to server packets traverse a different path in your network compared to server to client packets. Hence the IDS/IPS sees only one side of the conversation.)

I am trying to find out how wide this problem really is. Is it commonly seen in large/enterprise networks?

Any input is welcome.

Thanks

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
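Added example, not part of the original thread: one way to measure how much of the traffic a given sensor sees from only one side, which is the question asked above. The packet tuples are constructed sample data, the function names are hypothetical, and the rule that a lone SYN counts as "unanswered" rather than asymmetric is a heuristic assumption.

```python
from collections import defaultdict

# Constructed sample: TCP packets as seen by ONE sensor, as
# (src_ip, src_port, dst_ip, dst_port, tcp_flags). Documentation addresses only.
PACKETS = [
    ("198.51.100.7", 40001, "192.0.2.10", 443, "S"),
    ("192.0.2.10", 443, "198.51.100.7", 40001, "SA"),
    ("198.51.100.7", 40001, "192.0.2.10", 443, "A"),
    ("198.51.100.8", 40002, "192.0.2.10", 443, "S"),   # replies never seen here
    ("198.51.100.8", 40002, "192.0.2.10", 443, "A"),
    ("198.51.100.8", 40002, "192.0.2.10", 443, "PA"),
    ("192.0.2.11", 25, "203.0.113.5", 51000, "SA"),    # only the server side seen
    ("192.0.2.11", 25, "203.0.113.5", 51000, "PA"),
    ("198.51.100.9", 40003, "192.0.2.10", 443, "S"),   # lone SYN
]

def flow_key(src, sport, dst, dport):
    """Return (lo, hi, side): a direction-independent key and the sender's side."""
    a, b = (src, sport), (dst, dport)
    return (a, b, 0) if a <= b else (b, a, 1)

def classify(packets):
    """Map each conversation to 'both', 'one-sided' or 'unanswered'."""
    seen = defaultdict(lambda: [[], []])   # flags observed per direction
    for src, sport, dst, dport, flags in packets:
        lo, hi, side = flow_key(src, sport, dst, dport)
        seen[(lo, hi)][side].append(flags)
    result = {}
    for key, (fwd, rev) in seen.items():
        if fwd and rev:
            result[key] = "both"
            continue
        # Heuristic (assumption): a flow holding only bare SYNs may simply have
        # gone unanswered. Anything past that (SYN-ACK, ACK, data) suggests the
        # peer was talking on a path this sensor does not see.
        progressed = any(f != "S" for f in (fwd or rev))
        result[key] = "one-sided" if progressed else "unanswered"
    return result

def one_sided_ratio(packets):
    """Fraction of answered conversations that the sensor saw from one side only."""
    states = [s for s in classify(packets).values() if s != "unanswered"]
    return states.count("one-sided") / len(states) if states else 0.0

if __name__ == "__main__":
    for (lo, hi), state in sorted(classify(PACKETS).items()):
        print(lo, "<->", hi, state)
    print("one-sided ratio:", round(one_sided_ratio(PACKETS), 2))
```

Run against flow or packet records exported from the sensor's own capture point, a persistently high ratio indicates the sensor sits on an asymmetric segment.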
