IDS mailing list archives
RE: Signatures taking down network
From: "Ghetti, Tim" <tghetti () air-worldwide com>
Date: Wed, 18 Jan 2006 19:37:39 -0500
Had the same thing happen to all my xp sp2 systems when Trendmicro decided to release a virus pattern update that wasn't thoroughly tested. If you plan on automating updates, just be sure to have some sort of QA first. Tough when the systems are expensive, but if you want HA you have to pay for it! Good luck!
-----Original Message----- From: David Williams [mailto:dwilliamsd () gmail com] Sent: Saturday, January 14, 2006 9:04 AM To: focus-ids () securityfocus com Subject: Signatures taking down network I'm evaluating a Tipping Point box and after gettting the latest signatures I'm having problems with the box "crashing". My goal is not to bash Tipping Point, but instead to gather information on how often people have seen this type of thing among IPS boxes. Is there a trend with vendors to roll out signatures as fast as possible without proper QA? This brings up a lot of questions about deploying IPS. I want two opposite things from my vendors: 1) I want the latest signatures super fast. 2) I want proper QA so that it doesn't bring down my network. I realize those two things are contradictory, but I thought I'd throw it out there to see if anybody had any thoughts. thanks, d -------------------------------------------------------------- ---------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------- ----------
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Signatures taking down network David Williams (Jan 16)
- Re: Signatures taking down network Ramon Kagan (Jan 16)
- Re: Signatures taking down network Paul Schmehl (Jan 16)
- Re: Signatures taking down network Dhruv Soi (Jan 17)
- RE: Signatures taking down network Mike Barkett (Jan 24)
- <Possible follow-ups>
- RE: Signatures taking down network Craddock, Larry (Jan 16)
- RE: Signatures taking down network Palmer, Paul (ISSAtlanta) (Jan 18)
- Re: Signatures taking down network Sam Evans (Jan 18)
- Message not available
- Re: Signatures taking down network Sam Evans (Jan 21)
- Re: Signatures taking down network Sam Evans (Jan 18)
- RE: Signatures taking down network Palmer, Paul (ISSAtlanta) (Jan 18)
- RE: Signatures taking down network Ghetti, Tim (Jan 19)
- RE: Signatures taking down network Gary Halleen (ghalleen) (Jan 21)