I sent a reply privately earlier to original request, about my own personal preferences, but Gadi's reply prompted me to respond publicly. :-) All-in-all, I find that an IDS (NFR-style) has a quite useful utility. Your choice of such a utility is, of ourse, another matter entirely. :-) - ferg -- Gadi Evron <ge@linuxbox.org> wrote: Edward W. Ray wrote:

Tipping Point IPS is the gold standard these days. Signature-based, which annual fee to get the signatures. Signatures are usually weekly at a minimum. I use the Unity 50, but they do have Gbps IPS. All of their IPSes are "bump-in-the-wire" which means that you do not have to assign an address (operates at layer2 instead of layer 3).

Not to say anything about Edward, but this thread is going to be mostly full of commercial injections. Except for one network I have been in charge with I have never found the need for any I[DP]S product and find them an almost complete waste of time and money. Gadi. -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/