Re: IPS - Cisco vs. McAfee vs. Tippingpoint


Hi Joel,


Right now I have a look at Toplayer, they seem to have long experience in this area.

I dont know what riverbed did to the mazu but now everything is linked to the traffic optimizer when you look for mazu on their page.

http://www.riorey.com looks very interesting, as they focus on protection from DDOS attacks.

thank you for your interesting contribution!


Andre



--- Joel Snyder <Joel.Snyder@xxxxxxxxx> schrieb am Mi, 29.7.2009:

Von: Joel Snyder <Joel.Snyder@xxxxxxxxx>
Betreff: Re: IPS - Cisco vs. McAfee vs. Tippingpoint
An: "focus-ids@xxxxxxxxxxxxxxxxx" <focus-ids@xxxxxxxxxxxxxxxxx>
CC: "Hurgel Bumpf" <l0rd_lunatic@xxxxxxxxx>
Datum: Mittwoch, 29. Juli 2009, 15:10
Hi List,

i need to protect a "realtime" website with an inline
IPS from (D)DOS attacks.

You should not be looking at Cisco, McAfee, or Tippingpoint
(or, as some have suggested, Sourcefire or Fortinet). 
None of them specializes in DoS attacks, and all will give
you fairly poor results if that's your main concern. 
This is not to say that these aren't great products when
used as designed; it's just to point out that none of them
are designed to be very good at DoS protections.  I'm
sure that the sales droids are happy to tell you that
they're good DoS boxes but, as you found out, they aren't.

You want to look at products that focus on DoS (and other
rate-based attacks), probably starting with TopLayer and
Arbor (someone else already suggested that), but also Mazu
(now part of Riverbed).  There are also some smaller
companies that have had success in this space. For example,
one of our customers bought a DoS mitigation box from Riorey
(http://www.riorey.com/) and they think it's the bees
knees.

jms

-- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   
   Phone: +1 520 324 0494
jms@xxxxxxxxx 
              http://www.opus1.com/jms





-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194

Relevant Pages

  • Re: [Lit.] Buffer overruns
    ... might become a DoS attack when re-written in a safe language. ... Some safe languages go even farther, and come with libraries that reduce ... would allow code substitution attacks in plain C and would allow DoS ... programmer is devoting much of their mental capacity to reasoning about ...
    (sci.crypt)
  • Three Windows XP UPNP DOS attacks
    ... Three Windows XP UPNP DOS attacks ... The first DOS is simply due to bad code. ... just strings and strings of 'A's. ... open approximately 200 connections and send the proper header followed ...
    (Bugtraq)
  • Re: [Full-disclosure] DoS attacks on MIME-capable software via complex MIME emails
    ... I did some testing on DoS ... attacks with message/partial before I found the other problems. ... multiparts are resolved, you will want to look there for more bugs. ... you do not need to look at obscure content-types in order to mount ...
    (Full-Disclosure)
  • Re: IPS - Cisco vs. McAfee vs. Tippingpoint
    ... Joel Snyder schreef: ... i need to protect a "realtime" website with an inline IPS from DOS attacks. ... None of them specializes in DoS attacks, and all will give you fairly poor results if that's your main concern. ... This is not to say that these aren't great products when used as designed; it's just to point out that none of them are designed to be very good at DoS protections. ...
    (Focus-IDS)
  • Re: IPS - Cisco vs. McAfee vs. Tippingpoint
    ... i need to protect a "realtime" website with an inline IPS from DOS attacks. ... You should not be looking at Cisco, McAfee, or Tippingpoint. ... None of them specializes in DoS attacks, and all will give you fairly poor results if that's your main concern. ... This is not to say that these aren't great products when used as designed; it's just to point out that none of them are designed to be very good at DoS protections. ...
    (Focus-IDS)
Quantcast