IDS mailing list archives

Re: Denial of Service: Commercial Defense products


From: "avi chesla" <chess4_4 () hotmail com>
Date: Thu, 29 Dec 2005 20:08:23 +0200

Matt,

The integration of this technology started a few months ago. A version with the adaptive behavioral DoS protection will be released in three weeks (Jan 2006).

Avi

From: FinAckSyn <finacksyn () yahoo co uk>
To: avi chesla <chess4_4 () hotmail com>, devdas () dvb homelinux org, focus-ids () securityfocus com
Subject: Re: Denial of Service: Commercial Defense products
Date: Thu, 22 Dec 2005 17:29:35 +0000 (GMT)

Hi Avi,

Having only just acquired V-Secure at the end of
November, you guys must have put in an amazing amount
of manpower to integrate their technology into the
DefensePro platform...
A 3 week turnaround must be something you're all very
proud of! :P
Seriously though, when can we expect the first beta
releases so we can get this tested?

Cheers,

Matt

--- avi chesla <chess4_4 () hotmail com> wrote:

> Hi Matt,
>
> It should be noted that I am an employee of Radware.
> The following answer is
> informative only.
>
> The problem you have encountered has been handled in
> the latest versions of
> the DefensePro.
> A new mechanism (adaptive behavioral DoS protection)
> which aims to handle
> all types of floods has been implemented. This new
> mechanism uses a mature
> technology that was taken from V-Secure Technologies
> (this is involved with
> the acquisition that Radware made). The new
> mechanism mitigates TCP (Syn and
> also other TCP floods), UDP, ICMP and IGMP floods by
> using a statistical
> adaptive approach (i.e., no thresholds need to be
> set). The mitigation
> methods that this mechanism allows are highly
> granular which means that the
> detected attack is blocked according to multiple
> characteristic parameters
> taken from the packet headers and payload. These
> parameters (e.g.,
> checksums, packet sizes, TTL, ports, DNS queries
> etc) are detected on the
> fly and are automatically tailored through AND
> and OR logical
> relationships in order to generate the most narrow
> prevention measure
> against the detected attack (all in order to
> minimize the blocking of
> legitimate users).
> The integrated technology allows this whole process
> (detection and
> prevention) to take place without user intervention.
> If you test mitigation tools, you should especially
> focus on the granularity
> and accuracy of the prevention rules that these
> tools provide.
> Regarding Toplayer and Riverhead, the aforementioned
> new protection is
> actually a breakthrough for Radware mitigation
> capabilities.  I advise you
> to test Radware's new DoS and DDoS solution compared
> to the other vendors –
> I think that the differences can be easily exposed.
>
> Let me know if you need any more assistance.
>
> Avi
>
>
> >From: FinAckSyn <finacksyn () yahoo co uk>
> >To: avi chesla <chess4_4 () hotmail com>, devdas () dvb homelinux org,
> >focus-ids () securityfocus com
> >Subject: Re: Denial of Service: Commercial Defense products
> >Date: Fri, 16 Dec 2005 11:46:52 +0000 (GMT)
> >
> >Hi Avi,
> >
> >The big problem I had with RadWare DefensePro (this
> >was about a year ago), was that I couldn't set the SYN
> >cache timeout to anything less than 3 seconds.  As the
> >cache could only hold 64,000 SYNs, any SYN Flood
> >larger than 64,000/3 = 21,333 SYN/s would completely
> >fill the cache.
> >This spelt disaster every time a SYN flood hit the
> >network, as invalid SYNs filled up the cache, leaving
> >no space for new, legitimate connections to be set up.
> >True, the SYN Flood was mitigated, but at the expense
> >of any new connections (existing ones were preserved),
> >which is generally bad if you're dealing with critical
> >applications and web presences.
> >I would love to hear from RadWare as to whether or not
> >this limitation has actually been fixed, and if it
> >has, how their new technology now fares against the
> >more mature mitigation products such as TopLayer and
> >Riverhead.
> >
> >Rgds,
> >
> >Matt
> >
> >
> >--- avi chesla <chess4_4 () hotmail com> wrote:
> >
> > > Hi, You should also consider Radware's DefensePro
> > > with their new behavioral
> > > based DDoS protection.
> > >
> > > Avi
> > >
> > >
> > > >From: Devdas Bhagat <devdas () dvb homelinux org>
> > > >Reply-To: Devdas Bhagat <devdas () dvb homelinux org>
> > > >To: focus-ids () securityfocus com
> > > >Subject: Re: Denial of Service: Commercial Defense products
> > > >Date: Thu, 24 Nov 2005 21:59:41 +0530
> > > >
> > > >On 22/11/05 16:43 +0700, Ogle wrote:
> > > > > Hi,
> > > > > I have an ISP customer who wants to protect their network and their
> > > > > subscriber's network.
> > > > > In "Internet Denial of Service: Attack and Defense Mechanisms" book, I
> > > > > noticed 7 commercial products.
> > > > > 1. Mazu Enforcer by Mazu Networks
> > > > > 2. Peakflow by Arbor Networks
> > > > > 3. WS Series Appliances by Webscreen Technologies
> > > > > 4. Captus IPS by Captus Networks
> > > > > 5. MANAnet Shield by CS3
> > > > > 6. Cisco Traffic Anomaly Detector XT and Cisco Guard XT
> > > > > 7. StealthWatch by Lancope
> > > > >
> > > > > Since I'm new with this type of products, is there any reference out
> > > > > there to help me choose the right solution to my customer ?
> > > > > Is there any problem if I use IPS (ie: TippingPoint, McAfee) for this
> > > > > solution ?
> > > >
> > > >What kind of DoS? Is this a simple packet flooding choking the pipe? Is
> > > >this an application layer attack? Syn floods? Physical damage to links?
> > > >
> > > >Devdas Bhagat
> > > >
=== message truncated ===
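
The SYN cache arithmetic from the quoted 16 Dec message (64,000 entries, 3 second minimum timeout), worked through as a small capacity model. This is an added example, not part of the original thread and not any vendor's code; the legitimate SYN rate, the tick size and the slot-sharing rule are assumptions made for illustration.

```python
from collections import deque

CACHE_SLOTS = 64_000   # SYN cache capacity quoted in the post
MIN_TIMEOUT_S = 3      # lowest configurable cache timeout quoted in the post


def saturation_rate(slots=CACHE_SLOTS, timeout_s=MIN_TIMEOUT_S):
    """Sustained SYN/s at which entries arrive as fast as they can expire."""
    return slots / timeout_s


def legit_admit_ratio(flood_rate, legit_rate=1_000, seconds=30,
                      slots=CACHE_SLOTS, timeout_s=MIN_TIMEOUT_S, tick_s=0.01):
    """Fraction of legitimate SYNs that find a free cache slot.

    Model assumptions (not from the post): flood SYNs never complete the
    handshake and hold a slot for the full timeout; legitimate SYNs complete
    within one tick and release their slot; free slots in a tick are shared
    in proportion to arrivals.
    """
    timeout_ticks = round(timeout_s / tick_s)
    flood_per_tick = flood_rate * tick_s
    legit_per_tick = legit_rate * tick_s
    pending = deque()          # (expiry_tick, slots_held) for flood entries
    occupied = 0.0
    legit_admitted = legit_seen = 0.0
    for tick in range(round(seconds / tick_s)):
        while pending and pending[0][0] <= tick:      # expire timed-out entries
            occupied -= pending.popleft()[1]
        free = max(slots - occupied, 0.0)
        arrivals = flood_per_tick + legit_per_tick
        share = min(1.0, free / arrivals) if arrivals else 1.0
        held = flood_per_tick * share
        if held:
            pending.append((tick + timeout_ticks, held))
            occupied += held
        legit_admitted += legit_per_tick * share
        legit_seen += legit_per_tick
    return legit_admitted / legit_seen if legit_seen else 1.0


if __name__ == "__main__":
    print(f"saturation point: {saturation_rate():,.0f} SYN/s")
    for rate in (10_000, 21_000, 50_000, 200_000):
        print(f"{rate:>7,} SYN/s flood -> "
              f"{legit_admit_ratio(rate):.0%} of legitimate SYNs admitted")
```

Below the saturation point every legitimate SYN is admitted; above it the admitted share falls roughly as saturation rate divided by flood rate, which is why a shorter timeout or a larger cache raises the rate the device can absorb.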



