funsec mailing list archives
RE: IPS as anti ddos???? [was: Re: so, is I[dp]S a STUPID technology?]
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Wed, 12 Oct 2005 00:26:42 -0400
I'm not sure what you're asking, but I'll expand on the paragraph you quoted...

One example is an internet gambling company. If their websites are DoSed, they are losing money... and sometimes lots of it.

To use NSS terminology, there are two classes of IPS:

1. Content-based class.
2. Attack Mitigator class.

The IPS systems that fall into the first class usually have an IDS background. It's not always the case, but that's where a lot of these IPS systems historically came from.

The IPS systems that fall into the second category are built specifically to deal with (D)DoS attacks and usually use rate-based, flow anomaly, and other mechanisms to accomplish their tasks.

I don't know if it comes as a surprise to some of the people on the list (I'm not sure where Gadi was going with his question... if he was surprised or if he found the concept of IPS stopping DoS attacks a silly idea), but these systems exist. I won't name any specific companies to stay neutral in this discussion, but there are definitely a few of those out there. Some of them are better than others, which sometimes also depends on the environment where they are deployed.

There's a trend among IPS vendors to bridge the gap between the two classes. The content-based IPS systems try to do a better job at dealing with DoS flood attacks and the "attack mitigator" IPS systems try to do a better job at protocol misuse detection and exploit detection.

-----Original Message-----
From: Gadi Evron [mailto:ge () linuxbox org]
Sent: Tue 10/11/2005 10:59 PM
To: Kyle Quest
Cc: funsec () linuxbox org
Subject: IPS as anti ddos???? [was: Re: [funsec] so, is I[dp]S a STUPID technology?]

Kyle Quest wrote:
If we are talking about IPS I'd like to point out one little thing... It's not just about stopping exploits, but it's also about dealing with denial of service attacks. Having an IPS that blocks denial of service attacks is definitely valuable. It can make or break an ecommerce business. This is just one reason.
Excuse me?!