Re: RE : Denial of Service: Commercial Defense products
- From: Roland Dobbins <rdobbins@xxxxxxxxx>
- Date: Mon, 28 Nov 2005 10:32:35 -0800
Arobr Peakflow/X is a NetFlow-based behavioral anomaly-detection system; it models communications relationships, and generates anomalies when odd/disallowed communications relationships are established. I've played with it in the lab, but not used it in production as I have Arbor Peakflow SP; it's an interesting product, with the potential to detect compromised hosts which aren't performing explicitly hostile actions such as launching DDoS attacks or mass spamming, but that are scanning more more hosts to compromise, communicating with botnet controllers, etc.
On Nov 25, 2005, at 6:26 PM, Bourque Daniel wrote:
Anybody have test PeakFlow-X from Arbon Networks inside their network?
Anybody using it?
-----Message d'origine----- De : Nathan Davidson [mailto:ndavidso@xxxxxxxxxx] Envoyé : 24 novembre, 2005 11:36 À : Joel Friedman; focus-ids@xxxxxxxxxxxxxxxxx Objet : RE: Denial of Service: Commercial Defense products
I performed the same tests and larger on the Toplayer 5500-1000 with
virtually zero latentcy. Throughput is very important, so is the size of
your pipe and the ability to finely tune policy. This is why I think the
Toplayer is a good choice for most implmentations.
IMHO the Riverhead and Arbor are also good products for ISPs looking to do a
large backbone deployment as they can dynamically change routing in the
network based on anomily detection (this also means extra equipment is
required). Whilst the Toplayer is good for proxy based and point solutions,
bare in mind that a point solution can be a multi gig pipe.
-----Original Message----- From: Joel Friedman [mailto:jfriedman@xxxxxxxxxxxx] Sent: Wed 23/11/2005 20:07 To: focus-ids@xxxxxxxxxxxxxxxxx Cc: Subject: RE: Denial of Service: Commercial Defense products
---------------------------------------------------------------------- --
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- ids_040708
to learn more.
---------------------------------------------------------------------- --
-------------------------------------------------------------------- Roland Dobbins <rdobbins@xxxxxxxxx> // 408.527.6376 voice
Algorithm agility is an essential feature in any Internet protocol.
-- Bruce Schneier
------------------------------------------------------------------------ Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
- Prev by Date: RE: Remote IDS Testing
- Next by Date: Re: Remote IDS Testing
- Previous by thread: RE: Remote IDS Testing
- Next by thread: Snort rules setup.
- Index(es):
