IDS mailing list archives
RE: IPS - Cisco vs. McAfee vs. Tippingpoint
From: David Henning <David.Henning () hughes com>
Date: Wed, 29 Jul 2009 13:05:59 -0400
Since this is for a website, have you checked some of the web application firewalls like WebDefend? It does learning and I think has a threshold to alert for new session spikes, etc. It installs either in-line or not in-line but with extra ports available to send RST to both ends, etc.

David Henning, CISSP, GCPM
Hughes Network Systems, LLC
Principal Security Analyst
301-428-5533

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Hurgel Bumpf
Sent: Wednesday, July 29, 2009 8:25 AM
To: focus-ids () securityfocus com
Subject: IPS - Cisco vs. McAfee vs. Tippingpoint

Hi List,

I need to protect a "realtime" website with an inline IPS from (D)DOS attacks.

I had some bad experience with a Tippingpoint UnityOne 2400 field test. The device dropped too many sessions until all connectivity was lost. After that, no investigation was possible, as TP logs all attack information with IP address 0.0.0.0. (The vendor excused this with the layered technology, and passing the IP address from the hardware to the logger would lead to delayed packages.) This is unacceptable.

I'm now looking forward to testing a Cisco IPS 4270-20 and a McAfee Network Security 4050 appliance. Who has good/bad experience with those devices? Is it true that all devices don't log IP addresses?

My dream appliance would be able to run in something like a 7-day learning mode which counts max new sessions per second, max sessions per client, and so on. After these 7 days it creates a filter with +x% of the learned values and sets these limits active.

A big problem is that I have to install it into the productive system to get the real values. I don't have any fixed values regarding the new sessions per second, and I can't just guess and set values and render the system offline.

All information is highly appreciated!

Thank you very much for your time,
Andre
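The learning-mode idea described in the original message above (count peak new sessions per second during a learning window, then activate limits at the learned value plus x%), sketched as an added example that is not part of either post or of any vendor's product. The event format, function names, the per-client metric (read here as new sessions per second per client) and the sample data are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample data: one (epoch_second, client_ip) tuple per new session.
LEARNING = [
    (100, "192.0.2.1"), (100, "192.0.2.2"), (100, "192.0.2.1"),
    (101, "192.0.2.3"),
    (102, "192.0.2.1"), (102, "192.0.2.2"), (102, "192.0.2.3"), (102, "192.0.2.4"),
]
LIVE = [(200, "192.0.2.9")] * 5 + [(200, "192.0.2.1")] * 2 + [
    (201, "192.0.2.1"), (201, "192.0.2.2"), (201, "192.0.2.3"),
]

def count_sessions(events):
    """Count new sessions per second, overall and per client."""
    total, per_client = Counter(), Counter()
    for ts, client in events:
        total[ts] += 1
        per_client[(ts, client)] += 1
    return total, per_client

def learn_baseline(events):
    """Peak rates observed during the learning window."""
    total, per_client = count_sessions(events)
    return {
        "new_sessions_per_sec": max(total.values(), default=0),
        "new_sessions_per_client_per_sec": max(per_client.values(), default=0),
    }

def derive_limits(baseline, headroom_pct):
    """Learned peak plus x percent, rounded up using integer arithmetic."""
    return {k: (v * (100 + headroom_pct) + 99) // 100 for k, v in baseline.items()}

def find_exceedances(events, limits):
    """Return (second, scope, count) for every second that exceeds a limit."""
    total, per_client = count_sessions(events)
    hits = [(ts, "all", n) for ts, n in total.items()
            if n > limits["new_sessions_per_sec"]]
    hits += [(ts, client, n) for (ts, client), n in per_client.items()
             if n > limits["new_sessions_per_client_per_sec"]]
    return sorted(hits)

if __name__ == "__main__":
    limits = derive_limits(learn_baseline(LEARNING), headroom_pct=50)
    print(limits)
    for hit in find_exceedances(LIVE, limits):
        print("over limit:", hit)
```

Running the exceedance check in report-only mode against production traffic before enforcing the limits gives the real values without risking an outage from a guessed threshold.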