Re: IPS

["Jack Whitsitt (jofny)" <seclists () violating us>]

No experience with Top Layer's stuff - although I, too, am interested in
hearing from others.

For IPS there is at least:
1) Hogwash: Layer 2 packet mangler based on Snort originally. Now moving
away from Snort...it drops, logs, or alters packets according to IDS
rules.http://hogwash.sourcforge.net

2) Snort-inline: Similar to Hogwash
http://www.snort.org

3) Bait and Switch Honeypot System: uses Snort (and it a part of the most
current Hogwash release) to redirect hostile traffic to a honeypot based
on IDS rules.http://baitnswitch.sourceforge.net


-jofny

> Hi
> Has anyone experience with Top Layer's Attack Mitigator IPS
> does someone have 'daily'/ 'real live' experience with this product?(
> eg how did they handle the slammer issue& recent other MS flaws, or
> unix flaws) so far just found only commercial tests
> Client would like to know if there any similar IPS available either
> free or commercial one's at first needed for an MS environment
>
>
>
> Cheers
> JC