I do understand and have observed flow-level and packet-level asymmetry in some complicated networks. How does connection-level asymmetry work? Do clients make two connections to servers to send or receive the same data?
Ravi

On Nov 8, 2007 3:06 PM, Jeremy Bennett <[EMAIL PROTECTED]> wrote:
> First there are three types of asymmetry in a network that can cause
> problems for some types of IPS devices.
>
> 1. Connection-level asymmetry: This is the case where a given TCP
> connection (up and down stream) is on a single network path but a
> separate, identical connection may follow a different path. This is
> very common and can cause problems for behavioral systems.
>
> 2. Flow-level asymmetry: This is the case where the upstream and
> downstream flows in a TCP connection may follow different paths. This
> can cause problems for behavioral systems and stateful
> packet-inspection.
>
> 3. Packet-level asymmetry: This is the case where packets within a flow
> may be following different routes in a network. This can cause problems
> for any IPS except for the most basic packet-filter.
>
> Now in my experience, #1 is very common in medium to large
> enterprises that have built for scalability and redundancy. #2 is
> common in load-balanced server farms. #3 is not extremely common but
> does appear in some instances of a hot-hot redundancy deployment.
>
> -J
>
> On Nov 7, 2007, at 4:42 PM, snort user wrote:
>
> > Greetings.
> >
> > I am sure that most of you know about the asymmetric traffic/topology
> > problem in relevance to IDS/IPS systems.
> > (By asymmetric traffic/topology, I mean the case where client to
> > server packets traverse a different path in your network compared to
> > server to client packets. Hence the IDS/IPS sees only one side of the
> > conversation.)
> >
> > I am trying to find out how wide this problem really is.
> > Is it commonly seen in large / enterprise networks?
> >
> > Any input is welcome.
> >
> > Thanks
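The three asymmetry types listed in the quoted message can be told apart from per-sensor packet records. The sketch below is an added example, not part of the original thread; the sensor names, addresses and the `classify` function are constructed for illustration, and it assumes "identical connection" means another connection between the same two hosts.

```python
from collections import defaultdict

# Constructed observations, one per packet: (sensor path, src, sport, dst, dport).
PACKETS = [
    ("A", "10.0.0.5", 40001, "192.0.2.10", 80), ("A", "192.0.2.10", 80, "10.0.0.5", 40001),
    ("B", "10.0.0.5", 40002, "192.0.2.10", 80), ("B", "192.0.2.10", 80, "10.0.0.5", 40002),
    ("A", "10.0.0.6", 41000, "192.0.2.10", 80), ("B", "192.0.2.10", 80, "10.0.0.6", 41000),
    ("A", "10.0.0.7", 42000, "192.0.2.10", 80), ("B", "10.0.0.7", 42000, "192.0.2.10", 80),
    ("A", "192.0.2.10", 80, "10.0.0.7", 42000),
    ("A", "10.0.0.8", 43000, "192.0.2.10", 80), ("A", "192.0.2.10", 80, "10.0.0.8", 43000),
]

def classify(packets):
    """Label each TCP connection with the asymmetry type from the thread."""
    # conn -> direction -> set of paths that carried packets in that direction
    seen = defaultdict(lambda: defaultdict(set))
    for path, src, sport, dst, dport in packets:
        a, b = (src, sport), (dst, dport)
        # Direction-independent key: order the two endpoints consistently.
        conn, direction = ((a, b), "fwd") if a < b else ((b, a), "rev")
        seen[conn][direction].add(path)

    labels, single_path = {}, defaultdict(dict)
    for conn, dirs in seen.items():
        all_paths = set().union(*dirs.values())
        if any(len(p) > 1 for p in dirs.values()):
            labels[conn] = "packet-level"   # one flow split across paths
        elif len(all_paths) > 1:
            labels[conn] = "flow-level"     # each direction on its own path
        else:
            labels[conn] = "symmetric"      # whole connection on one path
            hosts = (conn[0][0], conn[1][0])
            single_path[hosts][conn] = next(iter(all_paths))

    # Connection-level: each connection is symmetric on its own, but
    # connections between the same two hosts sit on different paths.
    for conns in single_path.values():
        if len(set(conns.values())) > 1:
            for conn in conns:
                labels[conn] = "connection-level"
    return labels

if __name__ == "__main__":
    for conn, label in sorted(classify(PACKETS).items()):
        print(conn, label)
```

In the connection-level case each sensor sees complete TCP sessions, so per-connection state tracking still works; what a single sensor loses is the count of related connections that a behavioral system relies on.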
