IDS mailing list archives
Re: IPS - Cisco vs. McAfee vs. Tippingpoint
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Thu, 30 Jul 2009 14:50:01 +0000
--On Thursday, July 30, 2009 04:09:32 -0500 Hurgel Bumpf <l0rd_lunatic () yahoo com> wrote:
Hi Paul, thank you for your valuable input. The box was definately not overloaded, it just ran amok killing sessions :)
Wouldn't that be the definition of overloaded? :-)
Please see my answer to Larry with further informations about this incident. There i also describe why the 2400 does not log ip adresses.
I think it's kind of moot, since the evidence suggests that an IPS is not the right solution for the problem you're trying to solve.
As others have suggested, if you're trying to protect against DDoS attacks, IPS devices are probably not the right approach. DDoS attacks are a special category of attack that take specialized equipment as well as coordination with your upstream vendors to overcome. And frankly, I'm not convinced there really is an answer. Drive enough "legitimate" traffic to a site, any site, no matter how well it's sized and load balanced, and you will DoS the site. DDoS appliances can mitigate but not completely stop that sort of attack, especially from distributed botnets with nodes all over the world.
-- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* Check the headers before clicking on Reply. ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
Current thread:
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint, (continued)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Paul Schmehl (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Joel Esler (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Laurens Vets (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Joel Esler (Jul 29)
- RE: IPS - Cisco vs. McAfee vs. Tippingpoint Diego Garay (Jul 29)
- RE: IPS - Cisco vs. McAfee vs. Tippingpoint Hurgel Bumpf (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Gary Halleen (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Hurgel Bumpf (Jul 30)
- RE: IPS - Cisco vs. McAfee vs. Tippingpoint C-Info (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Hurgel Bumpf (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Trygve Aasheim (Jul 29)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint info (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Paul Schmehl (Jul 30)
- Re: IPS - Cisco vs. McAfee vs. Tippingpoint Paul Schmehl (Jul 29)