IDS mailing list archives

Re: IPS with no IP address?

From: Dennis Cox <dcox () tippingpoint com>
Date: Thu, 6 Jan 2005 18:43:11 -0600

Jeff,

It's actually pretty common in the telco world. ILMI for those fromthe ATM world is how operators in the telco world manage equipment overthe same wire. In that case it's VPI/VCI in this case they have no IPaddresses but they listen for an IP address - once they see the IPaddress they act differently. The danger is that the device can beattacked on the wires it's protecting. I would suggest you run *SIC,(ISIC, etc) on the network address to see how strong the stack that isproviding the management is. It's generally not recommended to haveyour management interface exposed to the network you are protecting.Example, let's say they have a HTTPS interface - why not flood the datapath with HTTPS traffic to that IP address and see if you could slowdown the device - or perhaps you can discover what type of device it isand they figure out what it's weak on.



Dennis Cox
Director of Engineering, TippingPoint Technologies
w 512.681.8328


On Jan 5, 2005, at 2:17 PM, Jeff McCarthy wrote:

Hello,

 I recently sat in on an IPS vendor presentation. They
 stated that their IPS has 2 Ethernet interfaces,
 neither of which have IP addresses yet they can manage
 and monitor the device over IP.  I thought this was
 interesting and somewhat unique.

 Are there any other vendors that do that? I know at
 least one other vendor has no IP on the interfaces
 listening to traffic but they have a seperate
 interface with an IP for management.

 Thanks,

 Jeff McCarthy
 USM


                
 __________________________________
 Do you Yahoo!?
 Yahoo! Mail - Easier than ever with enhanced search. Learn more.
http://info.mail.yahoo.com/mail_250

--------------------------------------------------------------------------

 Test Your IDS

 Is your IDS deployed correctly?
 Find out quickly and easily by testing it with real-world attacks from
 CORE IMPACT.

Go tohttp://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

 to learn more.

--------------------------------------------------------------------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

Current thread:

IPS with no IP address? Jeff McCarthy (Jan 06)
- Re: IPS with no IP address? Dennis Cox (Jan 06)
- Re: IPS with no IP address? nick black (Jan 08)
- Re: IPS with no IP address? Brad McGary (Jan 08)
- RE: IPS with no IP address? Mike Barkett (Jan 12)
- <Possible follow-ups>
- Re: IPS with no IP address? Scott (Jan 06)