Educause Security Discussion mailing list archives

IPS vulnerable to Spoofing


From: Dave Huth <Dave.Huth () UTAH EDU>
Date: Thu, 16 Feb 2006 18:52:46 -0700

IPS systems detect attacks and react to stop the attack in real time. An in-line IPS will usually filter the attacking traffic. Out-of-band IPS systems usually reset the connection or insert a firewall rule to block the traffic. In either case (especially out-of-band) an attacker can spoof an IP address of a valuable service, having the IPS react not on the attacker but on the valuable service.
 
Has anyone done a risk assessment of out-of-band IPS with the spoof in mind?
 
Dave Huth
OIT Technical Services
University of Utah
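
A reaction guard for the risk raised in this message, as an added example that is not part of the original post: before an out-of-band IPS resets a connection or inserts a firewall rule, the alert's source is checked against a list of protected services and against whether the address was confirmed by a completed TCP handshake. The `PROTECTED` ranges, the `Alert` fields, the function names and the sample alerts are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample ranges (documentation address space), not from the post.
PROTECTED = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "198.51.100.0/28")]


@dataclass
class Alert:
    src: str              # source address as it appears in the offending packet
    proto: str            # "tcp", "udp", "icmp", ...
    handshake_seen: bool  # sensor observed a completed TCP three-way handshake


def decide(alert: Alert) -> str:
    """Return 'never_block', 'alert_only' or 'block' for an automatic reaction."""
    addr = ipaddress.ip_address(alert.src)
    # A source claiming to be a protected service is never auto-blocked,
    # so a forged packet cannot make the IPS cut that service off.
    if any(addr in net for net in PROTECTED):
        return "never_block"
    # Without a completed handshake the source address is unverified
    # (UDP, ICMP, lone SYNs), so the reaction is limited to alerting.
    if alert.proto != "tcp" or not alert.handshake_seen:
        return "alert_only"
    # Assumption: a completed handshake is hard for an off-path sender to forge.
    return "block"


def review(alerts):
    """Map each alert to its decision, for a what-if review of reaction rules."""
    return [(a.src, decide(a)) for a in alerts]


# Constructed alerts: a forged DNS-server source, an unverified UDP source,
# a lone SYN, and a source confirmed by a full handshake.
SAMPLE = [
    Alert("192.0.2.53", "udp", False),
    Alert("203.0.113.7", "udp", False),
    Alert("203.0.113.8", "tcp", False),
    Alert("203.0.113.9", "tcp", True),
]

if __name__ == "__main__":
    for src, action in review(SAMPLE):
        print(f"{src:15} {action}")
```
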
