Re: IPS - Cisco vs. McAfee vs. Tippingpoint

[Paul Schmehl <pschmehl_lists () tx rr com>]

--On Thursday, July 30, 2009 04:09:32 -0500 Hurgel Bumpf 
<l0rd_lunatic () yahoo com> wrote:

> Hi Paul,
>
> thank you for your valuable input.
>
> The box was definately not overloaded, it just ran amok killing sessions :)

Wouldn't that be the definition of overloaded?  :-)

> Please see my answer to Larry with further informations about this incident.
> There i also describe why the 2400 does not log ip adresses.

I think it's kind of moot, since the evidence suggests that an IPS is not the 
right solution for the problem you're trying to solve.

As others have suggested, if you're trying to protect against DDoS attacks, IPS 
devices are probably not the right approach.  DDoS attacks are a special 
category of attack that take specialized equipment as well as coordination with 
your upstream vendors to overcome.  And frankly, I'm not convinced there really 
is an answer.  Drive enough "legitimate" traffic to a site, any site, no matter 
how well it's sized and load balanced, and you will DoS the site.  DDoS 
appliances can mitigate but not completely stop that sort of attack, especially 
from distributed botnets with nodes all over the world.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.


-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate 
on your web server, you can securely collect sensitive information online, and increase business by giving your 
customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194