[unisog] IPS

Dave Ellingsberg dave.ellingsberg at csu.mnscu.edu
Wed Feb 9 14:10:36 GMT 2005


You miss my point, I believe.  You do business with a bank, say its IP is
8.8.8.xx.  I spoof packets that are blocked by your IPS from host
addresses in the 8.8.8.0/24 block.  Your IPS detects these as an attack
and blocks IPs from that block.  Now you and your bank are having
troubles connecting and your business is disrupted.

This is my worry with IPS systems.

bigfoot.

>>> david.escalante at bc.edu 2/8/2005 3:43:56 PM >>>
Dave Ellingsberg wrote:

>One item not discussed is possible DoS against major customers of your
>institutions.  If addresses are spoofed in an attack against your
>institution with addresses of your major users does this cause an
>interruption of service to your major customers.  Has anyone experienced
>this sort of attack against an IPS service?
>
Network IPS devices don't all handle DoS and DDoS the same, or even very
well in some cases.  If this is a specific issue with you, you should
discuss it in detail with your contemplated vendors.  IMHO, in general
the Top Layer folks have devoted the most time and attention to this
particular issue.
--
David Escalante
Boston College
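
The failure mode raised in this thread, next to a block policy that avoids it, as an added example that is not part of the original messages or of any vendor's product. It assumes the sensor records whether a source completed a TCP handshake (an off-path spoofer normally cannot); the alert tuples, the attacker address 203.0.113.7, the threshold and the function names are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample alerts: (source IP, TCP handshake completed?).
# The 8.8.8.x entries model spoofed packets: no handshake ever completes.
ALERTS = [
    ("8.8.8.10", False), ("8.8.8.77", False), ("8.8.8.201", False),
    ("203.0.113.7", True), ("203.0.113.7", True), ("203.0.113.7", True),
]

# Business-critical partner ranges that must never be auto-blocked
# (the bank's block from the post above).
PROTECTED = [ipaddress.ip_network("8.8.8.0/24")]


def naive_blocks(alerts, threshold=3):
    """Policy the post worries about: trust the source address and
    block the whole /24 once it reaches the alert threshold."""
    counts = Counter(
        ipaddress.ip_network(src + "/24", strict=False) for src, _ in alerts
    )
    return sorted(str(net) for net, n in counts.items() if n >= threshold)


def guarded_blocks(alerts, protected, threshold=3):
    """Hardened policy (an assumption, not a product feature):
    count only sources that completed a handshake, block single hosts
    rather than ranges, and send protected ranges to manual review."""
    counts = Counter(ipaddress.ip_address(src) for src, ok in alerts if ok)
    block, review = [], []
    for ip, n in counts.items():
        if n < threshold:
            continue
        if any(ip in net for net in protected):
            review.append(str(ip))          # a human decides, no auto-block
        else:
            block.append(str(ip) + "/32")   # narrowest possible block
    return sorted(block), sorted(review)


if __name__ == "__main__":
    print("naive  :", naive_blocks(ALERTS))
    print("guarded:", guarded_blocks(ALERTS, PROTECTED))
```
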