Re: RE : Denial of Service: Commercial Defense products

[Roland Dobbins <rdobbins () cisco com>]

Arobr Peakflow/X is a NetFlow-based behavioral anomaly-detection  
system; it models communications relationships, and generates  
anomalies when odd/disallowed communications relationships are  
established.  I've played with it in the lab, but not used it in  
production as I have Arbor Peakflow SP; it's an interesting product,  
with the potential to detect compromised hosts which aren't  
performing explicitly hostile actions such as launching DDoS attacks  
or mass spamming, but that are scanning more more hosts to  
compromise, communicating with botnet controllers, etc.

On Nov 25, 2005, at 6:26 PM, Bourque Daniel wrote:

> Anybody have test PeakFlow-X from Arbon Networks inside their network?
>
> Anybody using it?
>
> -----Message d'origine-----
> De : Nathan Davidson [mailto:ndavidso () globix com]
> Envoyé : 24 novembre, 2005 11:36
> À : Joel Friedman; focus-ids () securityfocus com
> Objet : RE: Denial of Service: Commercial Defense products
>
>
> I performed the same tests and larger on the Toplayer 5500-1000 with
> virtually zero latentcy. Throughput is very important, so is the  
> size of
> your pipe and the ability to finely tune policy. This is why I  
> think the
> Toplayer is a good choice for most implmentations.
>
> IMHO the Riverhead and Arbor are also good products for ISPs  
> looking to do a
> large backbone deployment as they can dynamically change routing in  
> the
> network based on anomily detection (this also means extra equipment is
> required). Whilst the Toplayer is good for proxy based and point  
> solutions,
> bare in mind that a point solution can be a multi gig pipe.
>
>
>
>         -----Original Message-----
>         From: Joel Friedman [mailto:jfriedman () datapipe com]
>         Sent: Wed 23/11/2005 20:07
>         To: focus-ids () securityfocus com
>         Cc:
>         Subject: RE: Denial of Service: Commercial Defense products
>         
>         
>
> ---------------------------------------------------------------------- 
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- 
> ids_040708
> to learn more.
> ---------------------------------------------------------------------- 
> --

--------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice

 Algorithm agility is an essential feature in any Internet protocol.

                     -- Bruce Schneier




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------