IDS mailing list archives

Re: IPS with no IP address?

From: nick black <dank () qemfd net>
Date: Fri, 7 Jan 2005 20:47:55 +0000 (UTC)

On 2005-01-05, Jeff McCarthy <intel1914a () yahoo com> wrote:

I recently sat in on an IPS vendor presentation. They
stated that their IPS has 2 Ethernet interfaces,
neither of which have IP addresses yet they can manage
and monitor the device over IP.  I thought this was
interesting and somewhat unique.


Perhaps they meant to say "2 ethernet interfaces usable for filtering?"
Our device here at Reflex ships with a minimum of 3 interfaces. One is
configured as the "management" interface, designed to link with a
monitoring console via crossover cable in the optimal case
(authentication, privacy etc are of course ensured by more than this
expectation, but it protects against bandwidth-based DoS of the alert
channel). This interface has an IP visible to the world. Other
interfaces can be freely bound to sniffers, filtering bridges or
proxying + filtering bridges, and no IP is visible.

-- 
nick black                  "np:  the class of dashed hopes and idle dreams."


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

Current thread:

IPS with no IP address? Jeff McCarthy (Jan 06)
- Re: IPS with no IP address? Dennis Cox (Jan 06)
- Re: IPS with no IP address? nick black (Jan 08)
- Re: IPS with no IP address? Brad McGary (Jan 08)
- RE: IPS with no IP address? Mike Barkett (Jan 12)
- <Possible follow-ups>
- Re: IPS with no IP address? Scott (Jan 06)