RE: Hi, I want to study IPS

["(infor) urko zurutuza" <uzurutuza () eps mondragon edu>]

Hi all,

Continuing with this questions, we are planning a laboratory for
research in the university.

Which do you think that are computer requirements for a Network based
Anomaly Detection research?



Urko

> -----Mensaje original-----
> De: Ali Rajput [mailto:arajput () hdaar com]
> Enviado el: martes, 25 de mayo de 2004 17:10
> Para: focus-ids () securityfocus com
> Asunto: Re: Hi, I want to study IPS
>
> HI,
> My name is Muhammad Ali Rajput,
> Its good to hear that you want to study IPS. One thing you can do
visit
> www.sans.org; here you can find information to get started.
> IPS is quite new concept but nothing is impossible, maybe your 20
mintue
> idea
> can work.
> Presently i am working on a host-based IDS (for Windows 2000 pro) to
> submit as
> a degree project.
> You can mail me back if you need any information regarding this.
>
> On Tuesday 25 May 2004 07:29, Runion Mark A FGA DOIM WEBMASTER(ctr)
wrote:
> > Vaporwar-ish, or vapor-ware-ish?
> >
> > IPS is a wonderful concept.  The few working incidents I've worked
with
> are
> > much larger scale, and use a more structured network.  The concept
> > discussed here as "IPS" is terribly limited if only implemented as a
> > standalone piece of a network security wall.
> >
> > Consider using IDS on lan segments comprising pieces of the inbound
and
> > outbound traffic lanes in a network.  These system push gathered
data to
> a
> > control center (distributed if you can afford it).  The control
center
> > monitors and tracks applicant data across the entire network (imagen
a
> > telco that might own the entire US data backbone).  The control
center
> > might have various means of monitoring, tracking, and escalation for
> > various in process attacks.  The notion that a distributed Denial of
> > Service cannot be stopped is a bit out of date.  Many are, but it is
> always
> > a credible legal issue.
> >
> > Imagen Johhny the Scumbag, sitting in his apartment on 46th street.
> Starts
> > his attack using <insert pathetic script here>, and sits back to see
the
> > results.  10 seconds later his cable modem stops transmitting.  20
> minutes
> > later, there is a knock on the front door; the Police would like to
> chat.
> > Okay, so the police actually getting there in 20 minutes is
voyeuristic,
> > but it could happen, maybe...
> >
> > -
> > Mark Runion
> >
> > "Vapor trails are what novices try to follow, though never noticed
by
> those
> > who do it."
> >
> >
> > -----Original Message-----
> > From: Raistlin [mailto:raistlin () gioco net]
> > Sent: Saturday, May 22, 2004 1:49 PM
> > To: Greg Martin; focus-ids () securityfocus com
> > Subject: Re: Hi, I want to study IPS
> >
> > Greg Martin wrote:
> >  > Some vendors use a baseline of the network and take
> > > action if the baseline changes drasticly.
> >
> > Examples ?
> >
> > > Some use a 'negative
> > > space' technique which allows only valid traffic and considers all
> > > other traffic as a dos and drops it completely.
> >
> > Again, examples ?
> >
> > IMHO IPS are nothing more than an integration of a firewall and an
IDS
> > concept. As such, they are rather fuzzy and vaporwar-ish enough to
be
> > very marketable.
------------------------------------------------------------------------
--
> -
------------------------------------------------------------------------
--
> -



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------