[c-nsp] Monitoring HTTP / url access @10gig
Ge Moua
moua0100 at umn.edu
Mon Oct 5 09:59:15 EDT 2009
I'm a bit surprised you were not able to match on IPv6 addresses; will
something like this get any IPv6 traffic at all?

  ipv6 access-list IPv6-Sample-ACL
   permit ipv6 any any

To answer your question:
current:
* Vlan based SPANs, with edge feed on dot.1q trunk; this allows for
"poor man" granularity by vlan ("permit all" & not as good as VACL)
* IDS are OpenBSD running Snort with extensive ruleset for matching
attack signatures
not-so-distant-future (which will buy us a few years):
* net-optics
In my opinion all of this is analogous to an "arms race" where at some
point traffic volume over-runs current method or technology used then
the whole design needs to be re-visited again; but then again IT is
somewhat like that by nature.
Regards,
Ge Moua | Email: moua0100 at umn.edu
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
2218 University Ave SE | Minneapolis, MN 55414-3029
Office: 612.626.2779 | Pager: 612.648.0103 | Fax: 612.626.1818
Phil Mayers wrote:
> Ge Moua wrote:
>> We beta tested the GigaMon platform and for the most part it does
>> what it claims it can do; basically takes a span feed and "fans" it
>> out for analysis; in the end it was just too $$pricey$$ (> ~$100K
>> USD); seems like the target mkt are carriers and large service
>> providers.
>>
>> Our OITSecurity group has been looking at NetOptics as a less
>> expensive alternative:
>> http://www.network-taps.eu/home/home.php
>>
>> Does basically the same as the Gigamon but not nearly as expensive
>> (~$50K USD); albeit with less bells and whistles.
>
> Which specific products are you using, if you don't mind my asking?