[89672] in North American Network Operators' Group
Re: recommendations regarding IPS
daemon@ATHENA.MIT.EDU (Hegger, Stefan)
Fri Mar 31 09:17:07 2006
In-Reply-To: <87sloyd8pn.fsf@valhalla.seastrom.com>
Date: Fri, 31 Mar 2006 16:16:29 +0200
From: "Hegger, Stefan" <Stefan.Hegger@lycos-europe.com>
To: "Robert E.Seastrom" <rs@seastrom.com>
Cc: <nanog@merit.edu>
Reply-To: "Hegger, Stefan" <Stefan.Hegger@lycos-europe.com>
Errors-To: owner-nanog@merit.edu
Hi
On Fri, 2006-03-31 at 08:50 -0500, Robert E.Seastrom wrote:
> "Hegger, Stefan" <Stefan.Hegger@lycos-europe.com> writes:
>
> > hope not bothering you but I'm looking for some experiences with IPS
> > systems. There are several vendors but is there a recommendation or some
> > tests? As Service provider we need a system which handles the scanning
> > in hardware and it should work as a layer2 bridge (no IP).
>
> what speed, what problem are you trying to solve, and what do you mean
> by "in hardware"? no fpgas? :)
We have a 2 Gbps connection with about 200kpps in- and outgoing
traffic, and I don't want to pipe the traffic through software, fpgas
are ok.
Our problems are DDoS and we want to have a stateful packet inspection.
The system should not be "static"; there should be something like anomaly
detection. It should report if there is "strange" traffic. And of course
the normal stuff as Intrusion detection (worms, botnets etc.)
Stefan
--
Stefan Hegger
Lycos Europe GmbH
Carl-Bertelsmann Str. 21
Postfach 315
33311 Guetersloh
email:Stefan.Hegger@lycos-europe.com
Tel: +49 5241 80 71334
FAX:+49 5241 80671334
Mob:+49 170 1892720