On 10/13/07, Ravi Chunduru <[EMAIL PROTECTED]> wrote: > On 10/12/07, H D Moore <[EMAIL PROTECTED]> wrote: > > This is called marketing :-) If you want to support DoS attacks consisting > > of more 10,000 sessions, you must upgrade to a more expensive box. Even > > the very high-end IPS products start hitting session limits after 1-2 > > million concurrent sessions[1]. > > i understand :-). is it not too expensive for small and medium businesses?
So you would need to go with some rule of thumb. You would know what your organization needs and choose accordingly. If you have a 100 systems behind the box, then even if each of them have a 100 sessions open at any time instance, then you would need something that supports 10,000 sessions. Since all 100 may not have 100 sessions at the same time, things would roughly get evened out. Some servers may have a large number of sessions open for a short duration, others vice-versa. And SMEs may be anything between 50-500 employees. ~Z ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
