IDS mailing list archives
RE: Hi, I want to study IPS
From: "(infor) urko zurutuza" <uzurutuza () eps mondragon edu>
Date: Tue, 13 Jul 2004 17:26:49 +0200
Hi all,

Continuing with these questions, we are planning a laboratory for research in the university. What do you think the computer requirements are for Network-based Anomaly Detection research?

Urko

-----Original Message-----
From: Ali Rajput [mailto:arajput () hdaar com]
Sent: Tuesday, May 25, 2004 17:10
To: focus-ids () securityfocus com
Subject: Re: Hi, I want to study IPS

Hi,

My name is Muhammad Ali Rajput. It's good to hear that you want to study IPS. One thing you can do is visit www.sans.org; here you can find information to get started. IPS is quite a new concept, but nothing is impossible; maybe your 20 minute idea can work. Presently I am working on a host-based IDS (for Windows 2000 Pro) to submit as a degree project. You can mail me back if you need any information regarding this.

On Tuesday 25 May 2004 07:29, Runion Mark A FGA DOIM WEBMASTER(ctr) wrote:

Vaporwar-ish, or vapor-ware-ish?

IPS is a wonderful concept. The few working incidents I've worked with are much larger scale, and use a more structured network. The concept discussed here as "IPS" is terribly limited if only implemented as a standalone piece of a network security wall.

Consider using IDS on LAN segments comprising pieces of the inbound and outbound traffic lanes in a network. These systems push gathered data to a control center (distributed if you can afford it). The control center monitors and tracks applicant data across the entire network (imagine a telco that might own the entire US data backbone). The control center might have various means of monitoring, tracking, and escalation for various in process attacks.

The notion that a distributed Denial of Service cannot be stopped is a bit out of date. Many are, but it is always a credible legal issue. Imagine Johnny the Scumbag, sitting in his apartment on 46th street. Starts his attack using <insert pathetic script here>, and sits back to see the results. 10 seconds later his cable modem stops transmitting. 20 minutes later, there is a knock on the front door; the Police would like to chat. Okay, so the police actually getting there in 20 minutes is voyeuristic, but it could happen, maybe...

- Mark Runion

"Vapor trails are what novices try to follow, though never noticed by those who do it."

-----Original Message-----
From: Raistlin [mailto:raistlin () gioco net]
Sent: Saturday, May 22, 2004 1:49 PM
To: Greg Martin; focus-ids () securityfocus com
Subject: Re: Hi, I want to study IPS

Greg Martin wrote:
> Some vendors use a baseline of the network and take action if the baseline changes drastically.

Examples?

> Some use a 'negative space' technique which allows only valid traffic and considers all other traffic as a DoS and drops it completely.

Again, examples?

IMHO IPS are nothing more than an integration of a firewall and an IDS concept. As such, they are rather fuzzy and vaporwar-ish enough to be very marketable.