IDS mailing list archives

RE: Hi, I want to study IPS


From: "Shafi, Shahid" <sshafi () qualcomm com>
Date: Tue, 25 May 2004 12:52:00 -0700

Anybody dealing with Mazu Networks Profiler? It's not in the IPS category yet,
only NIDS, but they are planning to explore that area soon?

Thanks,
Shahid

-----Original Message-----
From: Greg Martin [mailto:greg () ddos com] 
Sent: Sunday, May 23, 2004 11:33 AM
To: Raistlin
Cc: focus-ids () securityfocus com
Subject: Re: Hi, I want to study IPS


Stefano "Raistlin" Zanero,

 > Some vendors use a baseline of the network and take
 > action if the baseline changes drastically.

Examples ?

Arbor, Riverhead, Netzentry


Some use a 'negative space' technique which allows only valid traffic and
considers all other traffic as a dos and drops it completely.

Again, examples ?

Melior iSecure, Toplayer Attack Mitigator

And here is a real world example of how an IPS is working to protect
Spamhaus, the biggest spammer blacklist.

http://www.spamhaus.org/cyberattacks/index.html

IMHO IPS are nothing more than an integration of a firewall and an IDS
concept. As such, they are rather fuzzy and vaporware-ish enough to be
very marketable.

Everyone is entitled to their opinion... I think the confusion everyone is
having stems from marketing people pushing IPS hard at its baby stages
when the technology WAS more or less 'advanced firewall' features or
firewalls with integrated IDS.  Several years have passed since
whitepapers were published denying the value of IPS products and if you
look at what is currently on the market you can clearly tell there is a
big difference in performance and functionality.

Also firewall vendors attempt to code to add IPS features to their
current product with varying success, i.e. Cisco PIX syn intercept and
Checkpoint's syn defender. Both will keel over after a moderate stream of
random spoofed packets fills up their state tables.

Ask any large company that constantly gets hit by DDoS attacks, IPS has
arrived and it has value.


regards,
Greg

