TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

I'm not sure how well this would work in your situation but it might be
worth investigating...

We are using network taps which have separate ports for each direction of
traffic. This meant that our sensor would only see half of a conversation
(similar to your problem). To overcome this, we put both outputs into a
100Mb hub and then also plugged the sensor into the hub which can then see
both directions of the communication.

Perhaps you can tap both sides of your load balanced network into a hub and
then put your sensor into the hub. I guess this assumes your load balancing
design is fairly simple.

Good luck.

Steve


-----Original Message-----
From: Corporate Data Security Office
[mailto:[EMAIL PROTECTED]]
Sent: January 2, 2002 4:36 PM
To: [EMAIL PROTECTED]
Subject: Split route (Asymmetric route) impact on RealSecure




Hi,

Our network is designed with load balancing and redundancy. In many areas,
there is a split route or asymmetric route situation. RealSecure IDS sensors
can only capture partial network traffic for the same TCP session. So, I have
a lot of false positive alerts. I am looking for a solution to overcome this
problem.

I called ISS support, and was told there is no solution from ISS side. I
wonder whether somebody has the same issue and has a solution already.

Thanks for any comments.

Thanks
-Shiming
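
One way to check whether a sensor placement still sees only half of each TCP conversation, before and after merging both tap outputs as described in the reply above. This is an added example, not part of either message; the function names are hypothetical and the packet tuples are constructed sample data standing in for headers exported from a capture on the sensor interface.

```python
from collections import defaultdict

def flow_key(src, sport, dst, dport):
    """Direction-independent key: both halves of a TCP session map to it."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)

def direction_report(packets):
    """packets: iterable of (src_ip, src_port, dst_ip, dst_port) TCP headers.
    Returns (bidirectional, one_sided) lists of flow keys."""
    seen = defaultdict(set)
    for src, sport, dst, dport in packets:
        # Record which endpoint was the sender for this session.
        seen[flow_key(src, sport, dst, dport)].add((src, sport))
    both = sorted(k for k, senders in seen.items() if len(senders) == 2)
    half = sorted(k for k, senders in seen.items() if len(senders) == 1)
    return both, half

def one_sided_ratio(packets):
    """Fraction of observed sessions for which only one direction was seen."""
    both, half = direction_report(packets)
    total = len(both) + len(half)
    return len(half) / total if total else 0.0

# Constructed sample data (documentation address ranges).
TAP_PORT_A = [  # one tap output: client -> server direction only
    ("192.0.2.10", 40001, "198.51.100.5", 80),
    ("192.0.2.10", 40001, "198.51.100.5", 80),
    ("192.0.2.11", 40002, "198.51.100.5", 443),
]
TAP_PORT_B = [  # other tap output: server -> client direction only
    ("198.51.100.5", 80, "192.0.2.10", 40001),
    ("198.51.100.5", 443, "192.0.2.11", 40002),
]

if __name__ == "__main__":
    for label, pkts in (("single tap port", TAP_PORT_A),
                        ("both ports merged", TAP_PORT_A + TAP_PORT_B)):
        print(f"{label}: {one_sided_ratio(pkts):.0%} of sessions one-sided")
```

A ratio near 100% on the sensor interface means the sensor is reassembling streams from one direction only; after aggregation it should fall toward zero, with the remainder being sessions that genuinely never got a reply.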







