IDS mailing list archives
Re: IPS with no IP address?
From: nick black <dank () qemfd net>
Date: Fri, 7 Jan 2005 20:47:55 +0000 (UTC)
On 2005-01-05, Jeff McCarthy <intel1914a () yahoo com> wrote:
I recently sat in on an IPS vendor presentation. They stated that their IPS has 2 Ethernet interfaces, neither of which have IP addresses yet they can manage and monitor the device over IP. I thought this was interesting and somewhat unique.
Perhaps they meant to say "2 ethernet interfaces usable for filtering?" Our device here at Reflex ships with a minimum of 3 interfaces. One is configured as the "management" interface, designed to link with a monitoring console via crossover cable in the optimal case (authentication, privacy etc are of course ensured by more than this expectation, but it protects against bandwidth-based DoS of the alert channel). This interface has an IP visible to the world. Other interfaces can be freely bound to sniffers, filtering bridges or proxying + filtering bridges, and no IP is visible. -- nick black "np: the class of dashed hopes and idle dreams." -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IPS with no IP address? Jeff McCarthy (Jan 06)
- Re: IPS with no IP address? Dennis Cox (Jan 06)
- Re: IPS with no IP address? nick black (Jan 08)
- Re: IPS with no IP address? Brad McGary (Jan 08)
- RE: IPS with no IP address? Mike Barkett (Jan 12)
- <Possible follow-ups>
- Re: IPS with no IP address? Scott (Jan 06)