Focus on IDS
Excluding the bulk of UDP from IPS processing - What's the impact? Aug 26 2009 12:16PM
Bikram Gupta (bikramkgupta gmail com) (2 replies)
RE: Excluding the bulk of UDP from IPS processing - What's the impact? Aug 26 2009 08:06PM
Addepalli Srini-B22160 (saddepalli freescale com) (1 replies)
Re: Excluding the bulk of UDP from IPS processing - What's the impact? Aug 27 2009 11:26AM
Bikram Gupta (bikramkgupta gmail com) (1 replies)
RE: Excluding the bulk of UDP from IPS processing - What's the impact? Aug 28 2009 05:42PM
Addepalli Srini-B22160 (saddepalli freescale com)
Re: Excluding the bulk of UDP from IPS processing - What's the impact? Aug 26 2009 07:18PM
Jamie Riden (jamie riden gmail com) (1 replies)
Re: Excluding the bulk of UDP from IPS processing - What's the impact? Aug 26 2009 09:39PM
Joel Jaeggli (joelja bogus com)


Jamie Riden wrote:
> 2009/8/26 Bikram Gupta <bikramkgupta (at) gmail (dot) com [email concealed]>:
>> Scenario: Perimeter IPS deployment, with Stateful firewall at the egress point.
>>
>> Traffic from out to in: Firewall will block all unsolicited UDP ports.
>> For the UDP ports where traffic is allowed (RTP data etc) through
>> firewall, do I have to pass it though IPS engine? Will there be cases
>> of exploits in such cases? Some examples please.

sip is a big source of udp ips rules.

>> Traffic from in to out: I believe IPS processing for UDP flows must be
>> enabled here.. to detect some of the p2p, IM, skype, trojan etc
>> traffic.
>>
>> I am trying to understand the impact, if I bypass the UDP flows from
>> IPS device? Can this be done realistically for some UDP traffic
>> (in->out, out->in), or NONE?
>>
>> Thanks a lot.
>>
>> Bikram
>
> Slammer was UDP. Witty was UDP.
> http://en.wikipedia.org/wiki/SQL_slammer_(computer_worm)
> http://en.wikipedia.org/wiki/Witty_(computer_worm)
>
> RTP is complex enough that I wouldn't be surprised at a few parser
> bugs popping up at some point.
>
> I'd rather get a higher-powered IPS than not looking at UDP, but it
> depends on your cost/benefit analysis.
>
> cheers,
> Jamie
>

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus