[unisog] IPS

Dave Ellingsberg dave.ellingsberg at csu.mnscu.edu
Wed Feb 9 14:10:36 GMT 2005

you miss my point I believe.  You do business with a bank.  say ip is
8.8.8.xx   I spoof packets that are blocked by your IPS from host
addresses in the block.  your ips detects these as an attack
and blocks ips from that block.  Now you and your bank are having
troubles connecting and your business is disrupted.

this is my worry with IPS systems.


>>> david.escalante at bc.edu 2/8/2005 3:43:56 PM >>>
Dave Ellingsberg wrote:

>One item not discussed is possible DoS against major customers of
>institutions.  If addresses are spoofed in an attack against your
>institution with addresses of your major users does this cause an
>interruption of service to your major customers.  Has anyone
>this sort of attack against an IPS service?
Network IPS devices don't all handle DoS and DDoS the same, or even
well in some cases.  If this is a specific issue with you, you should 
discuss it in detail with your contemplated vendors.  IMHO, in general

the Top Layer folks have devoted the most time and attention to this 
particular issue.
David Escalante
Boston College
unisog mailing list
unisog at lists.sans.org 

More information about the unisog mailing list