Based on the feedback which we got from our customers on security products, it appears that this is not uncommon, especially in SME deployments. We don't see this issue if security devices are deployed at the edge though. When deployment happens in the core of Enterprise networks, these scenarios are observed.
Stateful security devices fail in these cases as they don't see all packets of a session, and due to this they may even drop packets. For example, a stateful security device drops a SYN+ACK packet if it did not see the SYN packet before. Due to customer demand, we had to add 'Bypass security processing' functionality to bypass packets on configured networks to satisfy these deployments. Of course the default behavior does not bypass any security processing.

Srini

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of snort user
Sent: Wednesday, November 07, 2007 4:42 PM
To: [email protected]
Subject: Asymmetric traffic/topology

Greetings.

I am sure that most of you know about the asymmetric traffic/topology problem in relevance to IDS/IPS systems. (By asymmetric traffic/topology, I mean the case where client to server packets traverse a different path in your network compared to server to client packets. Hence the IDS/IPS sees only one side of the conversation.)

I am trying to find out how wide this problem really is? Is it commonly seen in large / enterprise networks?

Any input is welcome.

Thanks

Intoto Inc.
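The behaviour described in the reply above, as an added example that is not part of the original e-mail or of any vendor's product: a minimal TCP state tracker that drops a SYN+ACK whose SYN it never saw, with an opt-in bypass list that is empty by default. The class name, verdict strings, addresses and packets are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# flags is a set of TCP flag names, e.g. {"SYN", "ACK"}
Pkt = namedtuple("Pkt", "src sport dst dport flags")

class StatefulInspector:
    """Hypothetical stateful device; bypass_networks is empty by default."""

    def __init__(self, bypass_networks=()):
        self.bypass = [ipaddress.ip_network(n) for n in bypass_networks]
        self.sessions = {}  # (client, cport, server, sport) -> state

    def _bypassed(self, pkt):
        ends = (ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst))
        return any(ip in net for ip in ends for net in self.bypass)

    def process(self, pkt):
        if self._bypassed(pkt):
            return "BYPASS"  # forwarded without any security processing
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        flags = frozenset(pkt.flags)
        if flags == {"SYN"}:
            self.sessions[fwd] = "SYN_SEEN"
            return "ACCEPT"
        if flags == {"SYN", "ACK"}:
            if self.sessions.get(rev) == "SYN_SEEN":
                self.sessions[rev] = "ESTABLISHED"
                return "ACCEPT"
            return "DROP"  # reply to a SYN this device never saw
        state = self.sessions.get(fwd) or self.sessions.get(rev)
        return "ACCEPT" if state == "ESTABLISHED" else "DROP"

def run(inspector, packets):
    return [inspector.process(p) for p in packets]

# Constructed sample traffic: C is an internal client, S an external server.
C, S = "10.20.1.5", "192.0.2.10"
SYMMETRIC = [Pkt(C, 40000, S, 80, {"SYN"}),
             Pkt(S, 80, C, 40000, {"SYN", "ACK"}),
             Pkt(C, 40000, S, 80, {"ACK"})]
# Asymmetric path: the client-to-server half takes another route.
ASYMMETRIC = [Pkt(S, 80, C, 40001, {"SYN", "ACK"}),
              Pkt(S, 80, C, 40001, {"ACK", "PSH"})]

if __name__ == "__main__":
    print("symmetric, default: ", run(StatefulInspector(), SYMMETRIC))
    print("asymmetric, default:", run(StatefulInspector(), ASYMMETRIC))
    print("asymmetric, bypass: ",
          run(StatefulInspector(["10.20.0.0/16"]), ASYMMETRIC))
```

With the bypass list configured, the asymmetric flow is forwarded but nothing inspects it, which is the trade-off the reply describes.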
