Re: Signatures taking down network



Talk to your TP rep. They just discovered a DoS issue with some HTML attacks that are ongoing, which requires a TOS update. The update is available. They should be able to provide it to you or do it for you on the demo box.

--On Saturday, January 14, 2006 09:03:53 -0500 David Williams <dwilliamsd@xxxxxxxxx> wrote:

I'm evaluating a Tipping Point box and after getting the latest
signatures I'm having problems with the box "crashing".  My goal is
not to bash Tipping Point, but instead to gather information on how
often people have seen this type of thing among IPS boxes.

Is there a trend with vendors to roll out signatures as fast as
possible without proper QA?  This brings up a lot of questions about
deploying IPS.  I want two opposite things from my vendors:  1) I want
the latest signatures super fast.  2)  I want proper QA so that it
doesn't bring down my network.  I realize those two things are
contradictory, but I thought I'd throw it out there to see if anybody
had any thoughts.

thanks,

d

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
