IDS mailing list archives
Re: Denial of Service: Commercial Defense products
From: "avi chesla" <chess4_4 () hotmail com>
Date: Thu, 29 Dec 2005 20:08:23 +0200
Matt,

The integration of this technology started a few months ago. A version with the adaptive behavioral DoS protection will be released in three weeks (Jan 2006).

Avi

From: FinAckSyn <finacksyn () yahoo co uk>
To: avi chesla <chess4_4 () hotmail com>, devdas () dvb homelinux org, focus-ids () securityfocus com
Subject: Re: Denial of Service: Commercial Defense products
Date: Thu, 22 Dec 2005 17:29:35 +0000 (GMT)

Hi Avi,

Having only just acquired V-Secure at the end of November you guys must have put in an amazing amount of manpower to integrate their technology into the DefensePro platform... A 3 week turnaround must be something you're all very proud of! :P

Seriously though, when can we expect the first beta releases so we can get this tested?

Cheers,

Matt

--- avi chesla <chess4_4 () hotmail com> wrote:

> Hi Matt,
>
> It should be noted that I am an employee of Radware.
> The following answer is informative only.
>
> The problem you have encountered has been handled in the latest
> versions of the DefensePro.
> A new mechanism (adaptive behavioral DoS protection) which aims to
> handle all types of floods has been implemented. This new mechanism
> uses a mature technology that was taken from V-Secure Technologies
> (this is involved with the acquisition that Radware made). The new
> mechanism mitigates TCP (Syn and also other TCP floods), UDP, ICMP
> and IGMP floods by using a statistical adaptive approach (i.e., no
> thresholds need to be set). The mitigation methods that this
> mechanism allows are highly granular which means that the detected
> attack is blocked according to multiple characteristic parameters
> taken from the packet headers and payload. These parameters (e.g.,
> checksums, packet sizes, TTL, ports, DNS queries etc) are detected
> on the fly and are automatically tailored through AND and OR
> logical relationships in order to generate the most narrow
> prevention measure against the detected attack (all in order to
> minimize the blocking of legitimate users).
> The integrated technology allows this whole process (detection and
> prevention) to take place without user intervention.
> If you test mitigation tools, you should especially focus on the
> granularity and accuracy of the prevention rules that these tools
> provide.
> Regarding Toplayer and Riverhead, the aforementioned new protection
> is actually a breakthrough for Radware mitigation capabilities. I
> advise you to test Radware's new DoS and DDoS solution compared to
> the other vendors. I think that the differences can be easily
> exposed.
>
> Let me know if you need any more assistance.
>
> Avi
>
> >From: FinAckSyn <finacksyn () yahoo co uk>
> >To: avi chesla <chess4_4 () hotmail com>, devdas () dvb homelinux org,
> >focus-ids () securityfocus com
> >Subject: Re: Denial of Service: Commercial Defense products
> >Date: Fri, 16 Dec 2005 11:46:52 +0000 (GMT)
> >
> >Hi Avi,
> >
> >The big problem I had with RadWare DefensePro (this was about a
> >year ago), was that I couldn't set the SYN cache timeout to
> >anything less than 3 seconds. As the cache could only hold 64,000
> >SYNs, any SYN Flood larger than 64,000/3 = 21,333 SYN/s would
> >completely fill the cache.
> >This spelt disaster every time a SYN flood hit the network, as
> >invalid SYNs filled up the cache, leaving no space for new,
> >legitimate connections to be set up.
> >True, the SYN Flood was mitigated, but at the expense of any new
> >connections (existing ones were preserved), which is generally bad
> >if you're dealing with critical applications and web presences.
> >I would love to hear from RadWare as to whether or not this
> >limitation has actually been fixed, and if it has, how their new
> >technology now fares against the more mature mitigation products
> >such as TopLayer and Riverhead.
> >
> >Rgds,
> >
> >Matt
> >
> >--- avi chesla <chess4_4 () hotmail com> wrote:
> >
> > > Hi, You should also consider Radware's DefensePro with their
> > > new behavioral based DDoS protection.
> > >
> > > Avi
> > >
> > > >From: Devdas Bhagat <devdas () dvb homelinux org>
> > > >Reply-To: Devdas Bhagat <devdas () dvb homelinux org>
> > > >To: focus-ids () securityfocus com
> > > >Subject: Re: Denial of Service: Commercial Defense products
> > > >Date: Thu, 24 Nov 2005 21:59:41 +0530
> > > >
> > > >On 22/11/05 16:43 +0700, Ogle wrote:
> > > > > Hi,
> > > > > I have an ISP customer who wants to protect their network
> > > > > and their subscriber's network.
> > > > > In "Internet Denial of Service: Attack and Defense
> > > > > Mechanisms" book, I noticed 7 commercial products.
> > > > > 1. Mazu Enforcer by Mazu Networks
> > > > > 2. Peakflow by Arbor Networks
> > > > > 3. WS Series Appliances by Webscreen Technologies
> > > > > 4. Captus IPS by Captus Networks
> > > > > 5. MANAnet Shield by CS3
> > > > > 6. Cisco Traffic Anomaly Detector XT and Cisco Guard XT
> > > > > 7. StealthWatch by Lancope
> > > > >
> > > > > Since I'm new with this type of products, is there any
> > > > > reference out there to help me choose the right solution
> > > > > to my customer?
> > > > > Is there any problem if I use IPS (ie: TippingPoint,
> > > > > McAfee) for this solution?
> > > >
> > > >What kind of DoS? Is this a simple packet flooding choking the
> > > >pipe? Is this an application layer attack? Syn floods?
> > > >Physical damage to links?
> > > >
> > > >Devdas Bhagat

=== message truncated ===
------------------------------------------------------------------------
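The SYN cache arithmetic in Matt's quoted message (a 64,000-entry cache with a 3-second minimum timeout) can be checked with a small capacity model. This is an added example, not part of the original thread and not Radware's code; the arrival model, the 500 SYN/s legitimate rate and the function names are assumptions.

```python
from collections import deque

SYN_CACHE_SIZE = 64_000   # entries, figure quoted in the thread
SYN_TIMEOUT_S = 3.0       # minimum timeout quoted in the thread


def saturation_rate(capacity=SYN_CACHE_SIZE, timeout_s=SYN_TIMEOUT_S):
    """Sustained rate of never-completed SYNs that keeps the cache full."""
    return capacity / timeout_s


def legit_admit_ratio(flood_rate, legit_rate=500.0,
                      capacity=SYN_CACHE_SIZE, timeout_s=SYN_TIMEOUT_S,
                      duration_s=30.0, tick_s=0.01):
    """Fraction of legitimate SYNs that find a free cache slot.

    Assumed model (constructed for this example): flood SYNs never
    complete the handshake and hold a slot until the timeout; legitimate
    SYNs complete within one tick and release their slot; SYNs arriving
    in the same tick share the free slots proportionally.
    """
    ticks_to_expire = round(timeout_s / tick_s)
    pending = deque()            # (expiry_tick, entries) of half-open SYNs
    occupied = 0.0
    offered = admitted = 0.0
    for tick in range(round(duration_s / tick_s)):
        # Release half-open entries whose timeout has elapsed.
        while pending and pending[0][0] <= tick:
            occupied -= pending.popleft()[1]
        flood = flood_rate * tick_s
        legit = legit_rate * tick_s
        free = max(0.0, capacity - occupied)
        share = min(1.0, free / (flood + legit))
        held = flood * share     # flood entries that now sit in the cache
        if held:
            pending.append((tick + ticks_to_expire, held))
            occupied += held
        offered += legit
        admitted += legit * share
    return admitted / offered


if __name__ == "__main__":
    print(f"saturation rate: {saturation_rate():.0f} SYN/s")
    for rate in (10_000, 21_000, 30_000, 100_000):
        print(f"{rate:>7} SYN/s flood -> "
              f"{legit_admit_ratio(rate):.1%} of legitimate SYNs admitted")
```

Below the saturation rate every legitimate SYN gets a slot; above it, new connections are only admitted in the short windows when a batch of flood entries times out, which matches the behaviour described in the quoted message.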
Current thread:
- Re: Denial of Service: Commercial Defense products avi chesla (Jan 02)
- <Possible follow-ups>
- Re: Denial of Service: Commercial Defense products Securesolutions (Jan 02)
- Re: Denial of Service: Commercial Defense products avi chesla (Jan 05)
- Re: Denial of Service: Commercial Defense products Securesolutions (Jan 11)
- Re: Denial of Service: Commercial Defense products avi chesla (Jan 05)
- Re: Denial of Service: Commercial Defense products Stefano Zanero (Jan 05)