Focus on IDS
Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer? Jul 29 2009 07:15PM
jfarley hush com (2 replies)
Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer? Jul 29 2009 08:10PM
Scott Wahlstrom (wahlstros gmail com)
Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer? Jul 29 2009 07:58PM
Augusto Pereyra (aepereyra gmail com) (1 replies)
This type of attack (DDOS) is really difficult to stop if the attacker
becomes from different ip address and just make a GET of the
index.html for example.

How you can differentiate a real user from a bot ?

I think this is impossible.

If the IPS block this activity it will deny the access to the web
page for legitimate users
If the IPS allow this activity the bandwidth will be consumed.

Augusto Pereyra
CISSP - CEH

On Wed, Jul 29, 2009 at 4:15 PM, <jfarley (at) hush (dot) com [email concealed]> wrote:
> Hi,
>
>> i need to protect a "realtime" website with an >inline IPS from (D)DOS attacks.
>
> I'd keep in mind that the latest DDoS attacks are not limited to HTTP-based floods and use a variety of DDoS vectors to bring your website down. For instance, the DDoS from the Korean botnet - http://www.networkworld.com/news/2009/071009-korea-ddos-virus-mission-sh
ifts.html - involved sending normal HTTP queries asking for an index page, SYN floods, UDP floods, IP proto floods etc. So the vendor probably needs to provide more comprehensive DDoS protection, not just HTTP flood protection.
>
>> My dream appliance would be able to run like in a 7 day learning mode which
>> counts max new sessions per second, max sessions per client aso. After this 7
>> days it creates a filter with +x% of the learned values and sets these limits
>> active.
>
> I believe either Arbor Peakflow or Top Layer IPS 5500 do what you described and much more for DDoS. In our experience, Arbor is a little better at botnet protection and Top Layer is at DDoS and file-based attack protection. Both have pretty comprehensive security protection as well - MS vulnerabilities, attachments etc. Cisco and ISS are good, too, but not as flexible when it comes to DDoS analysis and support.
>
> -JF
>
> -----------------------------------------------------------------
> Securing Your Online Data Transfer with SSL.
> A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
> http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194
>
>
>

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194

[ reply ]
Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer? Jul 29 2009 11:57PM
Joel Esler (jesler sourcefire com)


 

Privacy Statement
Copyright 2010, SecurityFocus