Re: IPS - Cisco vs. McAfee vs. Tippingpoint



--On Thursday, July 30, 2009 04:09:32 -0500 Hurgel Bumpf <l0rd_lunatic@xxxxxxxxx> wrote:



Hi Paul,

thank you for your valuable input.

The box was definately not overloaded, it just ran amok killing sessions :)

Wouldn't that be the definition of overloaded? :-)


Please see my answer to Larry with further informations about this incident.
There i also describe why the 2400 does not log ip adresses.


I think it's kind of moot, since the evidence suggests that an IPS is not the right solution for the problem you're trying to solve.

As others have suggested, if you're trying to protect against DDoS attacks, IPS devices are probably not the right approach. DDoS attacks are a special category of attack that take specialized equipment as well as coordination with your upstream vendors to overcome. And frankly, I'm not convinced there really is an answer. Drive enough "legitimate" traffic to a site, any site, no matter how well it's sized and load balanced, and you will DoS the site. DDoS appliances can mitigate but not completely stop that sort of attack, especially from distributed botnets with nodes all over the world.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.


-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194