IDS mailing list archives
Re: Denial of Service: Commercial Defense products
From: FinAckSyn <finacksyn () yahoo co uk>
Date: Fri, 16 Dec 2005 11:46:52 +0000 (GMT)
Hi Avi, The big problem I had with RadWare DefensePro (this was about a year ago), was that I couldn't set the SYN cache timeout to anything less than 3 seconds. As the cache could only hold 64,000 SYNs, any SYN Flood larger than 64,000/3 = 21,333 SYN/s would completely fill the cache. This spelt disaster every time a SYN flood hit the network, as invalid SYNs filled up the cache, leaving no space for new, legitimate connections to be setup. True, the SYN Flood was mitigated, but at the expense of any new connections (existing ones were preserved), which is generally bad if you're dealing with critical applications and web presences. I would love to hear from RadWare as to whether or not this limitation has actually being fixed, and if it has, how their new technology now fares against the more mature mitigation products such as TopLayer and Riverhead. Rgds, Matt --- avi chesla <chess4_4 () hotmail com> wrote:
Hi, You shoould also consider Rdaware's DefensePro with their new behavioral based DDoS protection. AviFrom: Devdas Bhagat <devdas () dvb homelinux org> Reply-To: Devdas Bhagat <devdas () dvb homelinux org> To: focus-ids () securityfocus com Subject: Re: Denial of Service: Commercial DefenseproductsDate: Thu, 24 Nov 2005 21:59:41 +0530 On 22/11/05 16:43 +0700, Ogle wrote:Hi, I have an ISP customer who want to protect theirnetwork and theirsubscriber's network. In "Internet Denial of Service: Attack andDefense Mecahnisms" book, Inoticed 7 commercial products. 1. Mazu Enforcer by Mazu Networks 2. Peakflow by Arbor Networks 3. WS Series Apliances by Webscreen Technologies 4. Captus IPS by Captus Networks 5. MANAnet Shield by CS3 6. Cisco Traffic Anomaly Detector XT and CiscoGuard XT7. StealthWatch by Lancope Since I'm new with this type of products, isthere any reference outthere to help me choose the right solution to mycustomer ?Is there any problem if I use IPS (ie:TippingPoint, McAfee) for thissolution ? What kind of DoS? Is this a simple packet floodingchoking the pipe? Isthis an application layer attack? Syn floods?Physical damage to links?Devdas Bhagat------------------------------------------------------------------------Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.------------------------------------------------------------------------
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
------------------------------------------------------------------------
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Re: Denial of Service: Commercial Defense products avi chesla (Dec 12)
- Re: Denial of Service: Commercial Defense products FinAckSyn (Dec 16)
- Re: Denial of Service: Commercial Defense products avi chesla (Dec 21)
- Re: Denial of Service: Commercial Defense products snort user (Dec 21)
- <Possible follow-ups>
- RE: Denial of Service: Commercial Defense products Kyle Quest (Dec 27)
- RE: Denial of Service: Commercial Defense products Barrett G. Lyon (Dec 28)
- Re: Denial of Service: Commercial Defense products FinAckSyn (Dec 16)