IDS mailing list archives
Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer?
From: Augusto Pereyra <aepereyra () gmail com>
Date: Wed, 29 Jul 2009 16:58:33 -0300
This type of attack (DDOS) is really difficult to stop if the attacker becomes from different ip address and just make a GET of the index.html for example. How you can differentiate a real user from a bot ? I think this is impossible. If the IPS block this activity it will deny the access to the web page for legitimate users If the IPS allow this activity the bandwidth will be consumed. Augusto Pereyra CISSP - CEH On Wed, Jul 29, 2009 at 4:15 PM, <jfarley () hush com> wrote:
Hi,i need to protect a "realtime" website with an >inline IPS from (D)DOS attacks.I'd keep in mind that the latest DDoS attacks are not limited to HTTP-based floods and use a variety of DDoS vectors to bring your website down. For instance, the DDoS from the Korean botnet - http://www.networkworld.com/news/2009/071009-korea-ddos-virus-mission-shifts.html - involved sending normal HTTP queries asking for an index page, SYN floods, UDP floods, IP proto floods etc. So the vendor probably needs to provide more comprehensive DDoS protection, not just HTTP flood protection.My dream appliance would be able to run like in a 7 day learning mode which counts max new sessions per second, max sessions per client aso. After this 7 days it creates a filter with +x% of the learned values and sets these limits active.I believe either Arbor Peakflow or Top Layer IPS 5500 do what you described and much more for DDoS. In our experience, Arbor is a little better at botnet protection and Top Layer is at DDoS and file-based attack protection. Both have pretty comprehensive security protection as well - MS vulnerabilities, attachments etc. Cisco and ISS are good, too, but not as flexible when it comes to DDoS analysis and support. -JF ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
Current thread:
- Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer? jfarley (Jul 29)
- Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer? Augusto Pereyra (Jul 29)
- Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer? Joel Esler (Jul 30)
- Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer? Scott Wahlstrom (Jul 29)
- Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer? Augusto Pereyra (Jul 29)