Snort mailing list archives

Re: t(r)ippingpoint?


From: "Josh Berry" <josh.berry () netschematics com>
Date: Tue, 14 Oct 2003 17:33:37 -0500 (CDT)

I agree with this.  I use IPTables/SnortInline/Linux QoS at home and can
do more with that setup than any other IPS solution I have looked at.  It
just requires a little more technical expertise.

From what I have seen, IPTables/SnortInline performs just as well as most
other IPS solutions and is actually what is behind many of them.

Neither trippingpoint nor smallplayer have made significant strides in
the prevention space and both have failed to pass an independent
certification that I am aware of. Performance keeps being the issue.

While we are plugging products...

If your need is a point case protection system for those rare instances
where you know that your firewall cannot / does not block the attack
consider a beefy snort-inline system used effectively. I cannot imagine
that more than a few t1 links need this "IPS" capability.

If your need is gigabit "IPS" consider carefully the deployment and
products. Plug it into your gig backbone and watch things fail. I am
only aware of one that can play at that speed in the IP realm and it
sucks on the system management front and detection is sketchy outside of
the lab.

I speculate that a free snort-inline box will play just as well on the
fringe that you need covered. Save your pennies for when the technology
matures, hopefully within a couple of years.

If the issue is the Dell reps selling over your head to the execs then
go do the research and check out the articles to arm for the debate.
Gartner inserted the foot a while ago and has had a rough time of it
since. Google about for a bit, here is some reading to get started.

http://www.sans.org/newsletters/newsbites/vol5_24.php

Look at the section

SPECIAL SECTION: IS IDS DEAD?
--Gartner IDS Report Evokes Strong Response


Josh Berry wrote:

I know it is a very expensive solution, very high-traffic centric, really
was built for Carrier class networks.  There are a lot of other solutions
that can handle a lot of traffic but are much cheaper.  One of those is
TopLayer Networks Attack Mitigator.


Anyone know anything about TippingPoint.com? Anyone using it or have
used it in the past?

The Dell sales guy has been talking to management trying to sell them on
this intrusion prevention solution from TippingPoint Technologies.
Management, of course, is curious and wonders why we even use Snort when
we could spend money on a solution rather than have it free. :-P Gotta
spend that money, you know.

Thanks.
KJ




Thanks,
Josh Berry, CTO
LinkNet-Solutions
469-831-8543
josh.berry () linknet-solutions com







-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users











