Focus on IDS
Re: IPS - Cisco vs. McAfee vs. Tippingpoint Jul 30 2009 02:50PM
Paul Schmehl (pschmehl_lists tx rr com)
--On Thursday, July 30, 2009 04:09:32 -0500 Hurgel Bumpf
<l0rd_lunatic (at) yahoo (dot) com [email concealed]> wrote:

> Hi Paul,
> thank you for your valuable input.
> The box was definitely not overloaded, it just ran amok killing sessions :)

Wouldn't that be the definition of overloaded? :-)

> Please see my answer to Larry with further information about this incident.
> There I also describe why the 2400 does not log IP addresses.

I think it's kind of moot, since the evidence suggests that an IPS is not the
right solution for the problem you're trying to solve.

As others have suggested, if you're trying to protect against DDoS attacks, IPS
devices are probably not the right approach. DDoS attacks are a special
category of attack that take specialized equipment as well as coordination with
your upstream vendors to overcome. And frankly, I'm not convinced there really
is an answer. Drive enough "legitimate" traffic to a site, any site, no matter
how well it's sized and load balanced, and you will DoS the site. DDoS
appliances can mitigate but not completely stop that sort of attack, especially
from distributed botnets with nodes all over the world.

Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
Check the headers before clicking on Reply.

Copyright 2010, SecurityFocus