Thread: NIDS on Multiple Internet Gateway?

  1. #1
    Junior Member
    Join Date
    Sep 2003
    Posts
    1

    NIDS on Multiple Internet Gateway?

    Hi,

    We just have a plan to put NIDS on our border routers connected to the global Internet.
    All of the border routers act as Internet gateways for our backbone network. With this configuration we may face trouble because of asymmetric traffic that may pass along the multiple gateway routers, which are located in many different places.
    Does anybody have experience with this kind of IDS implementation?
    Or is it a common NIDS implementation for protecting a service provider network?

    Any comment please....

    thx

    phuntos

  2. #2
    Junior Member
    Join Date
    Oct 2003
    Posts
    1

    Re: NIDS on Multiple Internet Gateway?

    Originally posted here by phuntos
    Hi,

    We just have a plan to put NIDS on our border routers connected to the global Internet.
    All of the border routers act as Internet gateways for our backbone network. With this configuration we may face trouble because of asymmetric traffic that may pass along the multiple gateway routers, which are located in many different places.
    Does anybody have experience with this kind of IDS implementation?
    Or is it a common NIDS implementation for protecting a service provider network?

    Any comment please....

    thx

    phuntos

    Hi phuntos,
    How far away in meters is "many different places"?
    And at what speed are your border gateways running? I assume they are using Ethernet, aren't they? I am not aware of an IDS running over POS STMxx or something like that!

    If the speed and, more interestingly, the saturation of the lines is a moderate 100 Mbit and you can connect the locations, maybe via fiber optic, to a central point, then I have a Snort/Linux configuration handling your and of course our asymmetric problem.

    cu

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Hmmm...not sure how I missed this post the first time around. Regardless, if you are having problems with routing asymmetry on your internal (backbone) network, you need to work on your routing (outside your backbone is a different story).

    How exactly are you looking to implement your NIDS? What software/hardware are you looking to deploy? Most modern NIDS have split up the functionality of Network Intrusion Detection into several components, a monitor (watches network traffic), a reporter (reports to central location), an event collector (records the events sent by the reporter), a central database (where the events are stored), and a console (a frontend that queries the database).

    Regardless of what you use, I don't really see how you could be having problems with asymmetry if your internal routing is functional (you are keeping your NIDS and the database internal to your network, right?)...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
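
Added example, not part of any post in this thread: a sketch of the asymmetry problem raised in post #1 and the central-point aggregation suggested in post #2. It finds flows for which a per-gateway sensor saw only one direction, then repeats the check on the merged feed. The sensor names (`gw-a`, `gw-b`), addresses and record layout are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: one record per observed TCP packet,
# (sensor, src_ip, src_port, dst_ip, dst_port).
PACKETS = [
    ("gw-a", "10.0.0.5", 40000, "198.51.100.7", 80),   # request leaves via gw-a
    ("gw-b", "198.51.100.7", 80, "10.0.0.5", 40000),   # reply returns via gw-b
    ("gw-a", "10.0.0.9", 40001, "203.0.113.4", 443),   # symmetric flow on gw-a
    ("gw-a", "203.0.113.4", 443, "10.0.0.9", 40001),
    ("gw-b", "10.0.0.12", 40002, "192.0.2.33", 25),    # reply seen by no sensor
]

def flow_key(src, sport, dst, dport):
    """Return a direction-independent flow key and the packet's direction."""
    a, b = (src, sport), (dst, dport)
    return ((a, b), "fwd") if a <= b else ((b, a), "rev")

def directions_seen(packets):
    """Map sensor -> flow -> set of directions that sensor observed."""
    seen = defaultdict(lambda: defaultdict(set))
    for sensor, src, sport, dst, dport in packets:
        key, direction = flow_key(src, sport, dst, dport)
        seen[sensor][key].add(direction)
    return seen

def half_seen(packets):
    """Per sensor, the flows for which only one direction was observed."""
    return {
        sensor: sorted(f for f, dirs in flows.items() if len(dirs) == 1)
        for sensor, flows in directions_seen(packets).items()
    }

def merged_half_seen(packets):
    """Same check after all gateway feeds are merged at one central point."""
    central = [("central",) + p[1:] for p in packets]
    return half_seen(central).get("central", [])

if __name__ == "__main__":
    for sensor, flows in half_seen(PACKETS).items():
        print(sensor, "one-sided flows:", flows)
    print("central one-sided flows:", merged_half_seen(PACKETS))
```

A sensor that reassembles TCP streams can only track the flows absent from its `half_seen` list; whatever remains one-sided after merging never crossed a monitored link in both directions.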
