IDS mailing list archives

Re: Hi, I want to study IPS


From: "Greg Martin" <greg () ddos com>
Date: Sun, 23 May 2004 13:32:51 -0500 (CDT)

Stefano "Raistlin" Zanero,

 > Some vendors use a baseline of the network and take
action if the baseline changes drastically.

Examples ?

Arbor, Riverhead, Netzentry


Some use a 'negative
space' technique which allows only valid traffic and considers all
other traffic as a dos and drops it completely.
Again, examples ?

Melior iSecure, Toplayer Attack Mitigator

And here is a real-world example of how an IPS is working to protect
Spamhaus, the biggest spammer blacklist.

http://www.spamhaus.org/cyberattacks/index.html

IMHO IPS are nothing more than an integration of a firewall and an IDS
concept. As such, they are rather fuzzy and vaporware-ish enough to be
very marketable.

Everyone is entitled to their opinion... I think the confusion everyone is
having stems from marketing people pushing IPS hard at its baby stages,
when the technology WAS more or less 'advanced firewall' features or
firewalls with integrated IDS.  Several years have passed since whitepapers
were published denying the value of IPS products, and if you look at what is
currently on the market you can clearly tell there is a big difference in
performance and functionality.

Also, firewall vendors attempt to code to add IPS features to their current
product with varying success,
i.e. Cisco PIX syn intercept and Checkpoint's syn defender.
Both will keel over after a moderate stream of random spoofed packets fills
up its state tables.

Ask any large company that constantly gets hit by DDoS attacks, IPS has
arrived and it has value.


regards,
Greg
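
Added example, not part of the original post: a toy model of the failure mode described above, where a finite table of half-open connections is occupied by spoofed SYNs that never complete. The table size, timeout and packet rates are constructed values and do not describe any named product.

```python
from collections import deque


def sustainable_spoofed_pps(table_size, timeout_s):
    """Highest steady spoofed-SYN rate the table can absorb (Little's law).

    Steady-state occupancy = arrival rate * holding time, so the table is
    full once rate * timeout_s reaches table_size.
    """
    return table_size / timeout_s


def simulate(table_size, timeout_s, spoofed_pps, legit_pps, duration_s):
    """One-second-step model of a half-open (SYN_RECEIVED) state table.

    Assumptions of this model: a spoofed SYN never completes and holds its
    slot until timeout_s expires; a legitimate SYN needs one free slot and
    releases it within the same second; spoofed packets are processed first
    in each second (pessimistic ordering).
    Returns (first second with a refused legitimate SYN or None,
             legitimate accepted, legitimate refused).
    """
    expiries = deque()  # expiry times of half-open entries, oldest first
    accepted = refused = 0
    first_refusal = None
    for now in range(duration_s):
        # Age out half-open entries whose timer has run down.
        while expiries and expiries[0] <= now:
            expiries.popleft()
        free = table_size - len(expiries)
        admitted = min(spoofed_pps, free)
        expiries.extend([now + timeout_s] * admitted)
        free -= admitted
        ok = min(legit_pps, free)
        accepted += ok
        refused += legit_pps - ok
        if ok < legit_pps and first_refusal is None:
            first_refusal = now
    return first_refusal, accepted, refused


if __name__ == "__main__":
    # Constructed scenario: 1000-entry table, 30 s half-open timeout.
    print("sustainable spoofed pps:", sustainable_spoofed_pps(1000, 30))
    for pps in (20, 100):
        print(pps, "spoofed pps ->", simulate(1000, 30, pps, 10, 60))
```

In this model the useful sizing question for a stateful SYN proxy is whether table size divided by half-open timeout exceeds the spoofed rate it is expected to face; below that rate legitimate handshakes are unaffected, above it they are refused until entries time out.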

