IDS mailing list archives
Re: RE : Denial of Service: Commercial Defense products
From: Roland Dobbins <rdobbins () cisco com>
Date: Mon, 28 Nov 2005 10:32:35 -0800
Arobr Peakflow/X is a NetFlow-based behavioral anomaly-detection system; it models communications relationships, and generates anomalies when odd/disallowed communications relationships are established. I've played with it in the lab, but not used it in production as I have Arbor Peakflow SP; it's an interesting product, with the potential to detect compromised hosts which aren't performing explicitly hostile actions such as launching DDoS attacks or mass spamming, but that are scanning more more hosts to compromise, communicating with botnet controllers, etc.
On Nov 25, 2005, at 6:26 PM, Bourque Daniel wrote:
Anybody have test PeakFlow-X from Arbon Networks inside their network? Anybody using it? -----Message d'origine----- De : Nathan Davidson [mailto:ndavidso () globix com] Envoyé : 24 novembre, 2005 11:36 À : Joel Friedman; focus-ids () securityfocus com Objet : RE: Denial of Service: Commercial Defense products I performed the same tests and larger on the Toplayer 5500-1000 withvirtually zero latentcy. Throughput is very important, so is the size of your pipe and the ability to finely tune policy. This is why I think theToplayer is a good choice for most implmentations.IMHO the Riverhead and Arbor are also good products for ISPs looking to do a large backbone deployment as they can dynamically change routing in thenetwork based on anomily detection (this also means extra equipment isrequired). Whilst the Toplayer is good for proxy based and point solutions,bare in mind that a point solution can be a multi gig pipe. -----Original Message----- From: Joel Friedman [mailto:jfriedman () datapipe com] Sent: Wed 23/11/2005 20:07 To: focus-ids () securityfocus com Cc: Subject: RE: Denial of Service: Commercial Defense products---------------------------------------------------------------------- --Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- ids_040708to learn more.---------------------------------------------------------------------- --
-------------------------------------------------------------------- Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice Algorithm agility is an essential feature in any Internet protocol. -- Bruce Schneier ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Re: RE : Denial of Service: Commercial Defense products Roland Dobbins (Dec 01)