Hi Tsung,

It seems that there is something supporting your Downtimes. IDS in
itself cannot bring downtime. It has to work in promiscuous
mode/transparent mode, but cannot drop any communication. It will only
alert you.

1. In your case it seems that IDS has been configured, but not
normalized. Check for FALSE POSITIVE ALERTS which your device is
sending. If count is high, then you need to contact your vendor and get
it resolved.
2. Please share, Which type of downtime you are facing, is a particular
vlan is down or whole network under IDS is down?
3. Also, as Mr Sharma has said, what makes you think that it's actually
the IDS creating the problem.

Regards,
Nutan Vishwakarma

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Shwetabh Sharma
Sent: Wednesday, February 02, 2011 2:21 AM
To: Shang Tsung
Cc: focus-ids (at) securityfocus (dot) com [email concealed]
Subject: Re: IDS causing troubles

Hi Shang Tsung,

How do you determine that it's the IDS causing this trouble?

Thanks and Regards
Sharma

On Feb 1, 2011, at 8:53 PM, Shang Tsung <shangtsung71 (at) gmail (dot) com [email concealed]> wrote:

> Hello,
>
> We have the following problem. Now and then, the IDS will cause
> disruptions to the network, especially after updates. We have an IBM
> (ex ISS) Intrusion Detection System with a few network sensors and
> several host sensors. The IDS is not managed by us but we have it
> outsourced.
>
> The disruptions mentioned above cause our network engineers extreme
> dissatisfaction (and anxiety) about the IDS and they would "burn the
> damn thing", if they could. We have 2 - 3 serious issues, causing
> downtime, per year.
>
> My questions are:
>
> - Are any of you experience the same issues?
> - Is these disruptions common to others or should we seriously
> consider replacing the IDS and/or the outsourcing company?
> - Could this be an issue with our network infrastructure?
>
> I will appreciate any thoughts.
>
> Thanks,
> ST
>
> -----------------------------------------------------------------
> Securing Your Online Data Transfer with SSL.
> A guide to understanding SSL certificates, how they operate and their
application. By making use of an SSL certificate on your web server, you
can securely collect sensitive information online, and increase business
by giving your customers confidence that their transactions are safe.
>
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a

17f194
>
>

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their
application. By making use of an SSL certificate on your web server, you
can securely collect sensitive information online, and increase business
by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a

17f194

DISCLAIMER:
This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your co-operation in this regard is appreciated.

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194

[ reply ]