funsec mailing list archives

RE: IPS as anti ddos???? [was: Re: so, is I[dp]S a STUPID technology?]


From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Wed, 12 Oct 2005 00:26:42 -0400

I'm not sure what you're asking, but I'll expand on the paragraph
you quoted...

One example is an internet gambling company.
If their websites are DoSed, they are losing money...
and sometimes lots of it. 

To use NSS terminology, there are two classes of IPS:
1. Content-based class.
2. Attack Mitigator class.

The IPS systems that fall into the first class usually have IDS background.
It's not always the case, but that's where a lot of these IPS systems historically
came from.

The IPS systems that fall into the second category are built specifically
to deal with (D)DoS attacks and usually use rate-based, flow anomaly, and other
mechanisms to accomplish their tasks. I don't know if it comes as a surprise
to some of the people on the list (I'm not sure where Gadi was going with
his question... if he was surprised or if he found the concept of IPS
stopping DoS attacks a silly idea), but these systems exist. I won't name
any specific companies to stay neutral in this discussion, but there
are definitely a few of those out there. Some of them are better than
others, which sometimes also depends on the environment where they are deployed.

There's a trend among IPS vendors to bridge the gap between the two classes.
The content-based IPS systems try to do a better job at dealing with DoS flood attacks
and the "attack mitigator" IPS systems try to do a better job at protocol misuse
detection and exploit detection.

-----Original Message-----
From: Gadi Evron [mailto:ge () linuxbox org]
Sent: Tue 10/11/2005 10:59 PM
To: Kyle Quest
Cc: funsec () linuxbox org
Subject: IPS as anti ddos???? [was: Re: [funsec] so, is I[dp]S a STUPID technology?]
 
Kyle Quest wrote:
If we are talking about IPS I'd like to point out one little thing...
It's not just about stopping exploits, but it's also about dealing
with denial of service attacks. Having an IPS that blocks 
denial of service attacks is definitely valuable. It can make
or break an ecommerce business. This is just one reason.

Excuse me?!


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
