IDS mailing list archives
Re: Denial of Service: Commercial Defense products
From: Stefano Zanero <zanero () elet polimi it>
Date: Tue, 03 Jan 2006 23:45:44 +0100
Kyle Quest wrote:
> This is just some background info on this new (D)DoS technology Radware has, so people have a better idea of what Avi is talking about...

Let's see...

> These parameters are:
> 1. Source IP.
> [...]
> 17. DNS query ID.

Basically, any numeric parameter which can be extracted from a TCP flow then...

> They create dynamic filters and see what kind of effect they have and how the blocked traffic source behaves. Based on those results they adjust those filters.

OK, this is what any anomaly detection system would do. It would be nice if vendors sometimes added something like "how are we using the data" :)

> The way things work, it's not unusual for them to block legitimate traffic for a very small period of time while they are trying to figure out if traffic they are processing is bad or good.
Yes, this is pretty much the idea of everyone in the field :-D

Stefano

--
Kind regards,
Stefano Zanero
Dottorando di Ricerca / Ph.D. Student
Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5 I-20133 Milano - ITALY
Tel. +39 02 2399-4010/3660
Fax. +39 02 2399-3411
E-mail: zanero () elet polimi it
Web: www.elet.polimi.it/upload/zanero