Re: IPS with no IP address?

From: Brad McGary (bmcgary_at_secondfront.net)
Date: 01/08/05

    To: "Jeff McCarthy" <intel1914a@yahoo.com>, <focus-ids@securityfocus.com>
    Date: Fri, 7 Jan 2005 23:12:24 -0600
    
    

    Jeff,

    As far as I know these guys http://www.nitrosecurity.com/ pioneered the
    concept of the stackless control channel. Basically directing control
    packets towards an IP on the opposite side of the device. They wrote
    snort-inline and hogwash.

    Here's my feeble attempt at describing the process:

    Stackless Control Channel - AES encrypted packets directed through the
    appliance by attempting to send traffic to a host on the opposite side

    Recognizer - Code running on the appliance capable of interpreting
    encrypted control packets, decrypting them, and executing the embedded
    instructions

    Control Panel - GUI interface generates control packets and directs them
    through the appliance

    Each packet that passes through the appliance is checked for a "magic
    token" in the payload. If the token is found, the appliance will attempt to
    decrypt the payload following the magic token. If the token is found again
    immediately following the first magic token, the appliance knows it has
    found a control packet and processes the command.

    The innovative stackless architecture offers optimal placement for packet
    inspection and interdiction without necessitating network topology
    modifications. Bi-directional access means it's possible to manage the
    device securely from anywhere on the globe that supports Internet
    connectivity.

    Hope this helps.

    ----- Original Message -----
    From: "Jeff McCarthy" <intel1914a@yahoo.com>
    To: <focus-ids@securityfocus.com>
    Sent: Wednesday, January 05, 2005 2:17 PM
    Subject: IPS with no IP address?

    > Hello,
    >
    > I recently sat in on an IPS vendor presentation. They
    > stated that their IPS has 2 Ethernet interfaces,
    > neither of which have IP addresses yet they can manage
    > and monitor the device over IP. I thought this was
    > interesting and somewhat unique.
    >
    > Are there any other vendors that do that? I know at
    > least one other vendor has no IP on the interfaces
    > listening to traffic but they have a separate
    > interface with an IP for management.
    >
    > Thanks,
    >
    > Jeff McCarthy
    > USM

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------
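
A sketch of the recognizer check described in the message above, added here as an example; it is not the vendor's code and not part of the original post. The token value, key, sample payloads and function names are constructed, and a SHA-256 keystream stands in for AES because the Python standard library has no AES.

```python
import hashlib

MAGIC = b"\x7fCTRL\x7f"        # constructed token; the real value is not in the post
KEY = b"constructed-demo-key"  # constructed shared secret

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES: XOR with a SHA-256 counter keystream (the same call
    encrypts and decrypts). Demonstration only, not a vetted cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def build_control_payload(command: bytes, key: bytes = KEY) -> bytes:
    """Control-panel side: clear token, then encrypt(token + command)."""
    return MAGIC + keystream_xor(key, MAGIC + command)

def recognize(payload: bytes, key: bytes = KEY):
    """Appliance side: return the embedded command, or None to forward
    the packet as ordinary traffic."""
    pos = payload.find(MAGIC)
    while pos != -1:
        plain = keystream_xor(key, payload[pos + len(MAGIC):])
        if plain.startswith(MAGIC):         # second token seen after decryption
            return plain[len(MAGIC):]
        pos = payload.find(MAGIC, pos + 1)  # chance match: keep scanning
    return None

# Constructed sample payloads.
CONTROL = b"GET / HTTP/1.0\r\n\r\n" + build_control_payload(b"reload-rules")
CHANCE = b"blob " + MAGIC + b" ordinary bytes that merely contain the token"
WRONG_KEY = build_control_payload(b"reload-rules", key=b"some-other-key")

if __name__ == "__main__":
    for name, pkt in [("control", CONTROL), ("chance", CHANCE), ("wrong key", WRONG_KEY)]:
        print(name, "->", recognize(pkt))
```

In this sketch a chance token match, or a packet built under a different key, returns None and would be forwarded like any other traffic.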

