I'm a bit surprised you were not able to match on IPv6 addresses; will
something like this get any IPv6 traffic at all?
ipv6 access-list IPv6-Sample-ACL
 permit ipv6 any any
To answer your question:
current:
* VLAN-based SPANs, with the edge feed on a dot1q trunk; this allows for
"poor man's" granularity by VLAN ("permit all", and not as good as a VACL)
* IDSes are OpenBSD boxes running Snort with an extensive ruleset for matching
attack signatures
not-so-distant future (which will buy us a few years):
* Net Optics
In my opinion all of this is analogous to an "arms race" where at some
point traffic volume overruns the current method or technology used, and then
the whole design needs to be revisited again; but then again IT is
somewhat like that by nature.
Regards,
Ge Moua | Email: [email protected]
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
2218 University Ave SE | Minneapolis, MN 55414-3029
Office: 612.626.2779 | Pager: 612.648.0103 | Fax: 612.626.1818
Phil Mayers wrote:
Ge Moua wrote:
We beta tested the GigaMon platform and for the most part it does
what it claims it can do; basically it takes a SPAN feed and "fans" it
out for analysis; in the end it was just too $$pricey$$ (> ~$100K
USD); it seems like the target market is carriers and large service
providers.
Our OIT Security group has been looking at Net Optics as a less
expensive alternative:
http://www.network-taps.eu/home/home.php
It does basically the same as the GigaMon but is not nearly as expensive
(~$50K USD), albeit with fewer bells and whistles.
Which specific products are you using, if you don't mind my asking?
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
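The thread's open question is whether a one-line IPv6 ACL such as "permit ipv6 any any" will ever match IPv6 traffic, and how a more selective list behaves once it is used as the VACL-style filter for a SPAN/IDS feed. The following is an added example, not code from the list post or from Cisco: a small Python model of IOS-style ordered ACL evaluation (first match wins, implicit deny at the end, "any" meaning ::/0). The ACL text, the hypothetical "IPv6-Monitored" list and the sample flows are constructed for the example; the model deliberately ignores port numbers and ICMP types to stay focused on address and protocol matching.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of IOS-style IPv6 ACL semantics (not Cisco's implementation):
# entries are checked top to bottom, the first matching entry decides, and a
# list whose entries all miss ends in an implicit deny.


@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    protocol: str                    # "ipv6" (any protocol), "tcp", "udp", "icmp"
    src: ipaddress.IPv6Network       # "any" is represented as ::/0
    dst: ipaddress.IPv6Network


@dataclass(frozen=True)
class Flow:
    protocol: str
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address


def parse_ace(line: str) -> Ace:
    """Parse one entry such as 'permit ipv6 any any' or 'deny tcp 2001:db8::/32 any'."""
    action, proto, src, dst = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")

    def to_net(text: str) -> ipaddress.IPv6Network:
        return ipaddress.IPv6Network("::/0" if text == "any" else text, strict=False)

    return Ace(action, proto, to_net(src), to_net(dst))


def parse_acl(text: str) -> List[Ace]:
    """Parse an IOS-style 'ipv6 access-list NAME' block into ordered entries."""
    entries = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("ipv6 access-list"):
            continue                     # skip the header line and blanks
        entries.append(parse_ace(line))
    return entries


def matches(ace: Ace, flow: Flow) -> bool:
    proto_ok = ace.protocol == "ipv6" or ace.protocol == flow.protocol
    return proto_ok and flow.src in ace.src and flow.dst in ace.dst


def evaluate(acl: List[Ace], flow: Flow) -> Tuple[str, Optional[int]]:
    """Return (action, entry index) of the first match, or ('deny', None) on implicit deny."""
    for index, ace in enumerate(acl):
        if matches(ace, flow):
            return ace.action, index
    return "deny", None


# The ACL quoted in the list post.
SAMPLE_ACL = parse_acl("""
ipv6 access-list IPv6-Sample-ACL
 permit ipv6 any any
""")

# Constructed, hypothetical list: drop TCP from one /48 but otherwise only
# forward the organisation's own /32 to the IDS feed; everything else is
# caught by the implicit deny.
MONITORED_ACL = parse_acl("""
ipv6 access-list IPv6-Monitored
 deny tcp 2001:db8:bad::/48 any
 permit ipv6 2001:db8::/32 any
""")


def flow(proto: str, src: str, dst: str) -> Flow:
    return Flow(proto, ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst))


if __name__ == "__main__":
    samples = [
        flow("tcp", "2001:db8:bad::1", "2001:db8::10"),
        flow("udp", "2001:db8:bad::1", "2001:db8::10"),
        flow("tcp", "2001:db8:1::1", "2001:db8::10"),
        flow("icmp", "2001:db9::1", "2001:db8::10"),
    ]
    for f in samples:
        print("sample   ", f.protocol, f.src, "->", f.dst, evaluate(SAMPLE_ACL, f))
        print("monitored", f.protocol, f.src, "->", f.dst, evaluate(MONITORED_ACL, f))
```

Running the block shows that "permit ipv6 any any" matches every IPv6 flow on entry 0 regardless of protocol, while the selective list only permits the /32 and lets the TCP deny shadow the broader permit for sources in the /48; a flow outside both prefixes falls through to the implicit deny, which is the usual reason a freshly written IPv6 ACL "sees nothing".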