Educause Security Discussion mailing list archives
IPS vulnerable to Spoofing
From: Dave Huth <Dave.Huth () UTAH EDU>
Date: Thu, 16 Feb 2006 18:52:46 -0700
IPS systems detect attacks and react to stop the attack in real time. An in-line IPS will usually filter the attacking traffic. Out-of-band IPS systems usually reset the connection or insert a firewall rule to block the traffic. In either case (especially out-of-band) an attacker can spoof an IP address of a valuable service having the IPS react not on the attacker but on the valuable service. Has anyone done a risk assessment of out-of-band IPS with the spoof in mind? Dave Huth OIT Technical Services University of Utah
Current thread:
- IPS vulnerable to Spoofing Dave Huth (Feb 16)
- <Possible follow-ups>
- Re: IPS vulnerable to Spoofing John Kemp (Feb 16)
- Re: IPS vulnerable to Spoofing Valdis Kletnieks (Feb 17)
- Re: IPS vulnerable to Spoofing Valdis Kletnieks (Feb 17)