Scenario: Perimeter IPS deployment, with Stateful firewall at the egress point.

Traffic from out to in: Firewall will block all unsolicited UDP ports.
For the UDP ports where traffic is allowed (RTP data etc) through
firewall, do I have to pass it though IPS engine? Will there be cases
of exploits

[ more ]  [ reply ]

We took the recently published ITOC dataset and the CCTF captures from
Shmoo group (total of 15.0 GBytes, 26.3 million packets), indexed them
to enable contextual search and instant access to packets, not to
mention HN/Twitter-style one-liners attached to packets and searches
for a community oriente

[ more ]  [ reply ]

Pen-Test and Focus-IDS readers,

I wanted to send a quick note to those of you on these two lists who
have been long time subscribers and supporters of them. I long ago
gave up the moderation of the lists (to far more capable hands than
mine) but I have followed them faithfully for nearly a decade.

[ more ]  [ reply ]

Hi list:

I' d like to share with all, this script made by me based on root0
script for ips instalation.
This script was tested on fedora 9 but it should work in fedora 10 too.
You need 3 network interfaces (One for management and two for the bridge)
I

When the script finish his execution you will

[ more ]  [ reply ]

Some of you may remember our discussion back in November, 2008 about
using reputation services in IPS. (search for subject line "Email
reputation for inout to IDSs?" if you want to read it).

Anyway, I was given a chance to test Cisco's 7.0 IPS that includes the
Ironport SenderBase/SensorBase re

[ more ]  [ reply ]

Hi,

That makes our life hard, for one question we have got ~12 Solution from different Manufacturers. As I see, it is not easy to choose 'the best solution', there is too much good idea from different manufacturers on the market and the key benefits of a product differ at each unique Customer/User.

[ more ]  [ reply ]

Hello IDS folks,

I'm currently doing a mini-project involving applying machine learning
techniques to the identification of hostile network traffic. My focus
is on TCP traffic, and I'm looking at header and content based
inspection. I'm wrapping up my feature extraction code now, whereby
I've impor

[ more ]  [ reply ]

--On Thursday, July 30, 2009 04:09:32 -0500 Hurgel Bumpf
<l0rd_lunatic (at) yahoo (dot) com [email concealed]> wrote:

>
>
> Hi Paul,
>
> thank you for your valuable input.
>
> The box was definately not overloaded, it just ran amok killing sessions :)

Wouldn't that be the definition of overloaded? :-)

>
> Please see my ans

[ more ]  [ reply ]