dave.ellingsberg at csu.mnscu.edu
Wed Feb 9 14:10:36 GMT 2005
you miss my point I believe. You do business with a bank. say ip is
8.8.8.xx I spoof packets that are blocked by your IPS from host
addresses in the 184.108.40.206/24 block. your ips detects these as an attack
and blocks ips from that block. Now you and your bank are having
troubles connecting and your business is disrupted.
this is my worry with IPS systems.
>>> david.escalante at bc.edu 2/8/2005 3:43:56 PM >>>
Dave Ellingsberg wrote:
>One item not discussed is possible DoS against major customers of
>institutions. If addresses are spoofed in an attack against your
>institution with addresses of your major users does this cause an
>interruption of service to your major customers. Has anyone
>this sort of attack against an IPS service?
Network IPS devices don't all handle DoS and DDoS the same, or even
well in some cases. If this is a specific issue with you, you should
discuss it in detail with your contemplated vendors. IMHO, in general
the Top Layer folks have devoted the most time and attention to this
unisog mailing list
unisog at lists.sans.org
More information about the unisog