Re: IDS vs Application Proxy Firewall



An application proxy firewall normally looks for packets that do not
behave the way they are supposed to, as defined by the protocol
standards (RFC), while an IDS looks for signs of an active attack in a
perfectly legitimate packet that is crafted according to standards. Of
course, misbehaving packets are normally picked out by an IDS as well.
Hope this helps!

2008/10/22 <maash.rajani@xxxxxxxxx>

Can someone please explain how an IDS is different from an application proxy firewall in terms of what each of them looks for in a packet?

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------




--
./Zhihao
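
The distinction drawn in the reply above, as an added example that is not part of the original thread: a protocol-conformance check (the proxy's view) and a content-signature check (the IDS's view) run over the same three requests. HTTP/1.1 as the protocol, the simplified grammar, the signatures, the sample requests and the function names are all assumptions made for illustration.

```python
import re

# Assumption: HTTP/1.1 stands in for "the protocol"; the grammar is simplified.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
REQUEST_LINE = re.compile(rf"{TOKEN} [\x21-\x7e]+ HTTP/\d\.\d")
HEADER_LINE = re.compile(rf"{TOKEN}:[ \t]*[\x20-\x7e\t]*")

# Constructed, illustrative content signatures (not from any real rule set).
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./"),
    "passwd-file": re.compile(rb"/etc/passwd"),
}

def proxy_conformance(raw: bytes) -> list[str]:
    """Proxy view: list protocol violations; an empty list means 'relay it'."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["header section not terminated by CRLF CRLF"]
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return ["non-ASCII byte in header section"]
    problems = []
    if not REQUEST_LINE.fullmatch(lines[0]):
        problems.append("malformed request line")
    for line in lines[1:]:
        if not HEADER_LINE.fullmatch(line):
            problems.append(f"malformed header: {line!r}")
    return problems

def ids_alerts(raw: bytes) -> list[str]:
    """IDS view: match attack content, and also flag misbehaving packets."""
    alerts = [name for name, sig in SIGNATURES.items() if sig.search(raw)]
    if proxy_conformance(raw):
        alerts.append("protocol-anomaly")
    return alerts

# Constructed sample requests.
SAMPLES = {
    "benign": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "valid_but_hostile": b"GET /files/../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "malformed": b"GET /index.html\r\nHost example.test\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} proxy={proxy_conformance(raw)} ids={ids_alerts(raw)}")
```

The second sample is the case the reply describes: it passes the conformance check untouched, and only the content signatures raise an alert.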
