On Friday 16 April 2010 01:23:01 pm Markus A. Wipfler wrote: > Check out NBAR. It does deep packet inspection (router > looks at layer 4 to 7 as well) and actively prevents an > attack from happening (at least cisco will try to tell > you that), rather than just reporting it like most open > source IDS. So I guess NBAR is an IPS, since it actually > prevents an attack from happening by looking at traffic > flow characteristics and other fun things. I think most > recent IOS version support it. Your router needs to be > CEF capable.
NBAR is badly broken in a number of code revisions. Test as many releases as you can to get an implementation that works, for the most part. IDS features are rife in IOS, nearly on all platforms. Your issue is going to be their actual usability and scalability, and whether they actually do what you need. Cheers, Mark.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ All Archives can be found at http://www.mail-archive.com/[email protected]/ The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way. ---------------------------------------
