IDS mailing list archives

RE: Network hardware IPS


From: Nimesh Vakharia <nvakhari () mil sunysb edu>
Date: Mon, 29 Sep 2003 23:48:55 -0400 (EDT)


Ah you missed ipEnforcer from iPolicy Networks. It sits inline (supports
offline as well) and is purpose built with network processors
(100Mbps-5Gbps, FE, GE, OC-48). Ability to stop attacks in real time (more
creative ways than fw hardening which we feel should not be a front-line
defense mechanism used by an IPS) and also has DDoS detection and
mitigation (active prevention) abilities. In addition the ipEnforcer
supports other applications like FW, VPN, URL Screening, Surveillance etc.
at those speeds. For more information see our website at ipolicynet.com. If
anyone is interested, we can talk offline as well. (In case it was not
clear, I work for iPolicy Networks)

thanks,

Nimesh.


-----Original Message-----
From: Andy Cuff [Talisker]
Sent: Monday, September 29, 2003 11:00 AM
To: Alvin Wong; focus-ids () securityfocus com
Subject: Re: Network hardware IPS


Hi Alvin,
You may want to check out the salient details I collated for all the IPS
(Inline IDS) some time ago.  As far as I know it's still current though they
seem a little thin on the ground


Hogwash - Is this still current?
Inline_Snort - Not sure if I found the official Home page
Intrushield
OneSecure - The site seems to be down (bites tongue about IPS)
RealSecure Guard - First one I played with
UnityOne
BorderGuard

I'm hoping some of the spotters or even Vendors (I'm not proud) can
highlight some that I'm missing.  If you hear of any please let me know!
take care
-andy
Talisker Security Tools Directory

----- Original Message -----
From: "Alvin Wong" <alvin.wong () b2b com my>
To: <focus-ids () securityfocus com>
Sent: Monday, September 29, 2003 9:30 AM
Subject: Network hardware IPS


Hi,

I'm interested to find out if anyone can share their experiences or
recommend a network hardware IPS that is deployed in front of the
gateway which is able to detect attack signatures and at the same time,
actively block out these attacks, alerting me in the process.

This would be different from a passive IDS which depends on correlating
the logs every time an alert pops up. An ideal solution would be to be
able to detect the patterns and prevent them automatically, can a
network IPS do this?

I understand that it is possible in some IDS to do a TCP reset after one
had confirmed that the connection is not acceptable, can anyone explain
whether an IDS that can do this is actually "active" as opposed to
passive?

It would also be interesting if there could be some amount of trend
analysis built in which can review the destination/source ip traffic
over time, which can be used to identify particular boxes which are
easily targeted, which would mean that more work needs to be done for
that box.

Regards,
Alvin




---------------------------------------------------------------------------
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to:
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Precisely Define and Implement Network Security & Performance Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
---------------------------------------------------------------------------