Re: Denial of Service: Commercial Defense products

[FinAckSyn <finacksyn () yahoo co uk>]

Hi Avi,

The big problem I had with RadWare DefensePro (this
was about a year ago), was that I couldn't set the SYN
cache timeout to anything less than 3 seconds.  As the
cache could only hold 64,000 SYNs, any SYN Flood
larger than 64,000/3 = 21,333 SYN/s would completely
fill the cache.
This spelt disaster every time a SYN flood hit the
network, as invalid SYNs filled up the cache, leaving
no space for new, legitimate connections to be setup. 
True, the SYN Flood was mitigated, but at the expense
of any new connections (existing ones were preserved),
which is generally bad if you're dealing with critical
applications and web presences.
I would love to hear from RadWare as to whether or not
this limitation has actually being fixed, and if it
has, how their new technology now fares against the
more mature mitigation products such as TopLayer and
Riverhead.

Rgds,

Matt

--- avi chesla <chess4_4 () hotmail com> wrote:

> Hi, You shoould also consider Rdaware's DefensePro
> with their new behavioral 
> based DDoS protection.
>
> Avi
>
>
> > From: Devdas Bhagat <devdas () dvb homelinux org>
> > Reply-To: Devdas Bhagat <devdas () dvb homelinux org>
> > To: focus-ids () securityfocus com
> > Subject: Re: Denial of Service: Commercial Defense
> products
> > Date: Thu, 24 Nov 2005 21:59:41 +0530
> >
> > On 22/11/05 16:43 +0700, Ogle wrote:
> > > Hi,
> > > I have an ISP customer who want to protect their
> network and their
> > > subscriber's network.
> > > In "Internet Denial of Service: Attack and
> Defense Mecahnisms" book, I
> > > noticed 7 commercial products.
> > > 1. Mazu Enforcer by Mazu Networks
> > > 2. Peakflow by Arbor Networks
> > > 3. WS Series Apliances by Webscreen Technologies
> > > 4. Captus IPS by Captus Networks
> > > 5. MANAnet Shield by CS3
> > > 6. Cisco Traffic Anomaly Detector XT and Cisco
> Guard XT
> > > 7. StealthWatch by Lancope
> > >
> > > Since I'm new with this type of products, is
> there any reference out
> > > there to help me choose the right solution to my
> customer ?
> > > Is there any problem if I use IPS (ie:
> TippingPoint, McAfee) for this 
> > solution ?
> >
> > What kind of DoS? Is this a simple packet flooding
> choking the pipe? Is
> > this an application layer attack? Syn floods?
> Physical damage to links?
> > Devdas Bhagat
>
> ------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it
> > with real-world attacks from CORE IMPACT.
> > Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> > to learn more.
>
> ------------------------------------------------------------------------
> >
_________________________________________________________________
> Express yourself instantly with MSN Messenger!
> Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it 
> with real-world attacks from CORE IMPACT.
> Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
------------------------------------------------------------------------
>



                
___________________________________________________________ 
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. 
http://uk.security.yahoo.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------