+1 for Bro http://www.bro.org
http://packetpushers.net/healthy-paranoia-show-11-bro-the-outer-limits-of-ids/

Sent from my iPad

On Jun 13, 2013, at 2:32 PM, Eric Wustrow <ew...@umich.edu> wrote:

> Hi all,
>
> I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps
> link, with new blocked flows being dropped within a millisecond or so of being
> added. I've been looking into using OpenFlow on an HP Procurve, but I don't
> know much in this area, so I'm looking for better alternatives.
>
> Ideally, such a device would add minimal latency (many/expandable CAM
> entries?), can handle many programmatically added flows (hundreds per second),
> and would be deployable in a production network (fails in bypass mode). Are
> there any COTS devices I should be looking at? Or is the market for this all
> under the table to pro-censorship governments?
>
> Thanks,
>
> -Eric