Snort mailing list archives
Re: t(r)ippingpoint?
From: "Josh Berry" <josh.berry () netschematics com>
Date: Tue, 14 Oct 2003 17:33:37 -0500 (CDT)
I agree with this. I use IPTables/SnortInline/Linux QoS at home and can do more with that setup than any other IPS solution I have looked at. It just requires a little more technical expertice.
From what I have seen, IPTables/SnortInline performs just as well as most
other IPS solutions and is actually what is behind many of them
Neither trippingpoint or smallplayer have made significant strides in the prevention space and both have failed to pass an independent certification that I am aware of. Performance keeps being the issue. While we are plugging products... If your need is a point case protection system for those rare instances where you know that your firewall cannot / does not block the attack consider a beefy snort-inline system used effectively. I cannot imagine that more than a few t1 links need this "IPS" capability. If your need is gigabit "IPS" consider carefully the deployment and products. Plug it into your gig backbone and watch things fail. I am only aware of one that can play at that speed in the IP realm and it sucks on the system management front and detection is sketchy outside of the lab. I specualte that a free snort-inline box will play just as well on the fringe that you need covered. Save your pennies for when the technology matures, hopefully within a couple of years. If the issue is the Dell reps selling over your head to the execs then go do the research and check out the articles to arm for the debate. Gartner inserted the foot a while ago and has had a rough time of it since. Google about for a bit, here is some reading to get started. http://www.sans.org/newsletters/newsbites/vol5_24.php Look at the section SPECIAL SECTION: IS IDS DEAD? --Gartner IDS Report Evokes Strong Response Josh Berry wrote:I know it is a very expensive solution, very high-traffic centric, really was built for Carrier class networks. There are a lot of other solutions that can handle a lot of traffic but are much cheaper. One of those is TopLayer Networks Attack Mitigator.Anyone know anything about TippingPoint.com? Anyone using it or haveused it in the past?The Dell sales guy has been talking to management trying to sell them onthis intrusion prevention solution from TippingPoint Technologies. Management, of course, is curious and wonders why we even use Snort when we could spend money on a solution rather than have it free. :-P Gotta spend that money, you know.Thanks. KJThanks, Josh Berry, CTO LinkNet-Solutions 469-831-8543 josh.berry () linknet-solutions com Thanks, Josh Berry, CTO LinkNet-Solutions 469-831-8543 josh.berry () linknet-solutions com ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- tippingpoint Kerry Cox (Oct 14)
- Re: tippingpoint Sean Perry (Oct 14)
- Re: tippingpoint Josh Berry (Oct 14)
- RE: tippingpoint Brian Laing (Oct 15)
- Re: tippingpoint Jeff Nathan (Oct 15)
- Re: tippingpoint Josh Berry (Oct 14)
- Re: tippingpoint Sean Perry (Oct 14)
- RE: tippingpoint Geoff (Oct 14)
- <Possible follow-ups>
- RE: tippingpoint Rich Stryker (Oct 14)
- Re: tippingpoint Josh Berry (Oct 14)
- Re: t(r)ippingpoint? Jason (Oct 14)
- Re: t(r)ippingpoint? Josh Berry (Oct 14)
- Re: t(r)ippingpoint? Jason (Oct 14)
- RE: tippingpoint Rich Stryker (Oct 16)
- QUASHING THREAD: Re: tippingpoint Jeff Nathan (Oct 16)
- RE: tippingpoint Marc Quibell (Oct 16)
- RE: tippingpoint Gross Barry D. (Oct 16)