Re: Signatures taking down network

[Paul Schmehl <pauls () utdallas edu>]

Talk to your TP rep.  They just discovered a DoS issue with some HTML 
attacks that are ongoing, which requires a TOS update.  The update is 
available.  They should be able to provide it to you or do it for you on 
the demo box.

--On Saturday, January 14, 2006 09:03:53 -0500 David Williams 
<dwilliamsd () gmail com> wrote:

> I'm evaluating a Tipping Point box and after gettting the latest
> signatures I'm having problems with the box "crashing".  My goal is
> not to bash Tipping Point, but instead to gather information on how
> often people have seen this type of thing among IPS boxes.
>
> Is there a trend with vendors to roll out signatures as fast as
> possible without proper QA?  This brings up a lot of questions about
> deploying IPS.  I want two opposite things from my vendors:  1) I want
> the latest signatures super fast.  2)  I want proper QA so that it
> doesn't bring down my network.  I realize those two things are
> contradictory, but I thought I'd throw it out there to see if anybody
> had any thoughts.
>
> thanks,
>
> d
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------



Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------