| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Sep 29 00:16:12 2005 From: pauls at utdallas.edu (Paul Schmehl) Subject: Suggestion for IDS --On Wednesday, September 28, 2005 17:48:59 +0100 "Paul S. Brown" <pol@...kstuff.tv> wrote: > On Wednesday 28 September 2005 16:56, Michael Holstein wrote: >> > If you NAT a lot, PIX can't handle the load. It also isn't flexible >> > enough. >> >> Huh? .. the FWSM (which is PIX and you can have 4 of them in a chassis) >> can handle 100 intefaces, 5gpbs, 100k CPS, and 1M concurrent per blade. >> >> http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/ >> >> Show me an OpenBSD system that can handle 400 interfaces, 20gbps, and 4M >> connections (and can do HSRP, etc). >> >> (I'm not trying to start an open-source "holy war" on a newsgrop .. I >> use pf too, where I need the granularity -- just not on the whole >> network). > > I suspect the argument here has to be cost-for-cost - in the price range > for a decent beefy OpenBSD box you aren't going to be using FWSMs, and I > can quite believe that the PIXen in that price range don't perform - the > PIX 501 is specced at 60MB/s throughput and the cheapest retail price I > can find for it is $678 for the unlimited license version - for the same > money you can get a beefy PC which will push quite a bit more than 60MB/s > $678? Ours were in the mid five figure range. You must be talking about SOHO units. Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/
Powered by blists - more mailing lists