IDS mailing list archives

Re: interesting paper on testing sig-based IDS


From: Shai Rubin <shai () cs wisc edu>
Date: Wed, 02 Mar 2005 09:50:41 -0600



buineach wrote:

> Hi
> I just joined this forum so apologies if this has been asked/answered before.
>
> Is this tool available to the general public as I do a lot of IPS
> testing and would like to verify further the fragmentation and TCP
> segment handling of these inline products?

The AGENT tool might be available in a few weeks, for academic use only. If you are interested in commercial use, please contact me.

> A real concern I have with inline IPS that depend on a central CPU to
> deal with fragmentation and segmentation evasion is that an overload
> attack with this traffic will make the IPS the weakest link in the
> network.

Your concerns are justified. I assume that any software-based NIDS will suffer from such an attack.

Shai

