IDS mailing list archives
RE: Hi, I want to study IPS
From: "Runion Mark A FGA DOIM WEBMASTER(ctr)" <mark.runion () us army mil>
Date: Mon, 24 May 2004 17:29:30 -0000
Vaporwar-ish, or vapor-ware-ish?

IPS is a wonderful concept. The few working incidents I've worked with are much larger scale, and use a more structured network. The concept discussed here as "IPS" is terribly limited if only implemented as a standalone piece of a network security wall. Consider using IDS on LAN segments comprising pieces of the inbound and outbound traffic lanes in a network. These systems push gathered data to a control center (distributed if you can afford it). The control center monitors and tracks applicant data across the entire network (imagine a telco that might own the entire US data backbone). The control center might have various means of monitoring, tracking, and escalation for various in-process attacks.

The notion that a distributed Denial of Service cannot be stopped is a bit out of date. Many are, but it is always a credible legal issue. Imagine Johnny the Scumbag, sitting in his apartment on 46th street. Starts his attack using <insert pathetic script here>, and sits back to see the results. 10 seconds later his cable modem stops transmitting. 20 minutes later, there is a knock on the front door; the Police would like to chat.

Okay, so the police actually getting there in 20 minutes is voyeuristic, but it could happen, maybe...

- Mark Runion

"Vapor trails are what novices try to follow, though never noticed by those who do it."

-----Original Message-----
From: Raistlin [mailto:raistlin () gioco net]
Sent: Saturday, May 22, 2004 1:49 PM
To: Greg Martin; focus-ids () securityfocus com
Subject: Re: Hi, I want to study IPS

Greg Martin wrote:
Some vendors use a baseline of the network and take action if the baseline changes drastically.
Examples ?
Some use a 'negative space' technique which allows only valid traffic and considers all other traffic as a dos and drops it completely.
Again, examples ?

IMHO IPS are nothing more than an integration of a firewall and an IDS concept. As such, they are rather fuzzy and vaporwar-ish enough to be very marketable.

--
Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys