IDS mailing list archives
Re: Hi, I want to study IPS
From: "Greg Martin" <greg () ddos com>
Date: Sun, 23 May 2004 13:32:51 -0500 (CDT)
Stefano "Raistlin" Zanero,

> Some vendors use a baseline of the network and take action if the baseline changes drastically.
> Examples ?

Arbor, Riverhead, Netzentry

> Some use a 'negative space' technique which allows only valid traffic and considers all other traffic as a DoS and drops it completely.
> Again, examples ?

Melior iSecure, Toplayer Attack Mitigator

And here is a real world example of how an IPS is working to protect Spamhaus, the biggest spammer blacklist. http://www.spamhaus.org/cyberattacks/index.html

> IMHO IPS are nothing more than an integration of a firewall and an IDS concept. As such, they are rather fuzzy and vaporware-ish enough to be very marketable.

Everyone is entitled to their opinion... I think the confusion everyone is having stems from marketing people pushing IPS hard at its baby stages, when the technology WAS more or less 'advanced firewall' features or firewalls with integrated IDS. Several years have passed since whitepapers were published denying the value of IPS products, and if you look at what is currently on the market you can clearly tell there is a big difference in performance and functionality.

Also, firewall vendors attempt to code to add IPS features to their current product with varying success, i.e. Cisco PIX syn intercept and Checkpoint's syn defender. Both will keel over after a moderate stream of random spoofed packets fills up their state tables.

Ask any large company that constantly gets hit by dDoS attacks: IPS has arrived and it has value.

regards,
Greg