funsec mailing list archives
RE: so, is I[dp]S a STUPID technology?
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Tue, 11 Oct 2005 20:05:12 -0400
> To be clear, I don't do 'Cisco talk' - several vendors make scrubbing boxes, just as several vendors (including Cisco) make firewalls and IDS.
It sure does sound like it though... It's ok though. It's hard to avoid it once you're in the Cisco mindset.
> Small businesses can't rely upon in-line firewalls or IDS to defend themselves against DDoS, either, in my experience. Those are primarily policy-enforcement devices, and irrespective of their other possible merits, they generally aren't optimized for dealing with DDoS (marketing claims aside).
Maybe we're a little bit off on the definitions. Given that you haven't defined what in-line firewalls (are there such things as off-line firewalls I wonder :-] ) and in-line IDS are, it's hard for me to be completely subjective. Either way, I wasn't talking about those (if you're talking about what I'm thinking)... I was talking about specialized IPS systems designed to handle (D)DoS flood attacks. And if you meant those as well when you said "in-line firewalls or IDS", then I would have to disagree with you and suggest that you expand your "experience". There are indeed environments and deployments when a single (or an array of) in-line (D)DoS IPS systems work great at mitigating (D)DoS attacks and that's no marketing claim... Obviously, there are cases when they don't work well. I'm not claiming otherwise.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.