IDS mailing list archives
Re: IPS - Cisco vs. McAfee vs. Tippingpoint
From: Hurgel Bumpf <l0rd_lunatic () yahoo com>
Date: Thu, 30 Jul 2009 09:43:49 +0000 (GMT)
Hi Gary, thank you for your valuable input. indeed my main focus is on protecting our systems from (D)DOS attacks. I start to like the peakflow product more and more. Thank you all for pointing that out! Andre --- Gary Halleen <ghalleen () cisco com> schrieb am Mi, 29.7.2009:
Von: Gary Halleen <ghalleen () cisco com> Betreff: Re: IPS - Cisco vs. McAfee vs. Tippingpoint An: "Hurgel Bumpf" <l0rd_lunatic () yahoo com>, focus-ids () securityfocus com Datum: Mittwoch, 29. Juli 2009, 15:07 Hurgel, While I think you'll be happy with the features and performance of Cisco's IPS (especially if you are using 7.0 software, which comes with Reputation Filtering and Global Correlation capabilities), you should keep in mind that an IPS is not always the best solution for DDoS protection. Depending on the type and severity of the DDoS attack, the IPS may provide what you are looking for, especially if you configure it to block or rate-limit on an upstream device, like a router, switch, or firewall. You may also want to take a look at Arbor's Peakflow products, as well as Cisco's Guard/Detector products. Both of these are designed with DDoS protection as primary features. They also are typically deployed both at the customer's site, as well as upstream, so that DDoS traffic is never eating up your bandwidth to the Internet once an attack is detected. Gary On 7/29/09 5:25 AM, "Hurgel Bumpf" <l0rd_lunatic () yahoo com> wrote:Hi List, i need to protect a "realtime" website with an inlineIPS from (D)DOS attacks.I had some bad experience with Tippingpoint UnityOne2400 field test. Thedevice dropped to much sessions until all connectivitywas lost.After that no investigation was not possible as TPlogs all attack informationwith IP address 0.0.0.0 The vendor excused this with the layered technologyand passing the IP addressfrom the hardware to the logger would lead to delayedpackages)This is unacceptable. i'm now looking forward to test a Cisco IPS 4270-20and a McAfee NetworkSecurity 4050 appliance. Who has a good/bad experience with that devices? Is ittrue that all devicesdon't log ip adresses? My dream appliance would be able to run like in a 7day learning mode whichcounts max new sessions per second, max sessions perclient aso. After this 7days it creates a filter with +x% of the learnedvalues and sets these limitsactive. A big problem is that i have to install it into theproductive system to getthe real values. I dont have any fixed valuesregarding the new sessions persecond and i cant just guess and set values and renderthe system offline.All information is highly appreciated! Thank you very much for your time, Andre-----------------------------------------------------------------Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how theyoperate and theirapplication. By making use of an SSL certificate onyour web server, you cansecurely collect sensitive information online, andincrease business by givingyour customers confidence that their transactions aresafe.http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
Current thread:
- RE: IPS - Cisco vs. McAfee vs. Tippingpoint, (continued)
- RE: IPS - Cisco vs. McAfee vs. Tippingpoint Hurgel Bumpf (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Laurens Vets (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Hurgel Bumpf (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Laurens Vets (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Hurgel Bumpf (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Paul Schmehl (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Joel Esler (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Laurens Vets (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Joel Esler (Jul 29)
- RE: IPS - Cisco vs. McAfee vs. Tippingpoint Diego Garay (Jul 29)
- RE: IPS - Cisco vs. McAfee vs. Tippingpoint Hurgel Bumpf (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Gary Halleen (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Hurgel Bumpf (Jul 30)
- RE: IPS - Cisco vs. McAfee vs. Tippingpoint C-Info (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Hurgel Bumpf (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Trygve Aasheim (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint info (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Paul Schmehl (Jul 30)