Subject: Re: Can someone explain this to me? (Was "network based IDS")
From: Jon Gary (jgaryCLICKTOSECURE.COM)
Date: Thu Nov 30 2000 - 18:03:30 CST


The simple answer is that it can't. That's what Firewalls and Routers are
for :). IDS, as implied by its name, is really good at detecting problems,
and is rarely good at preventing them.

Jon
  -----Original Message-----
  From: Focus on Intrusion Detection Systems [mailto:FOCUS-IDSSECURITYFOCUS.COM] On Behalf Of Rob Shein
  Sent: Thursday, November 30, 2000 2:58 PM
  To: FOCUS-IDSSECURITYFOCUS.COM
  Subject: Can someone explain this to me? (Was "network based IDS")

  Ok, I'd really like to know how an IDS is possibly going to be able to
protect against a DDoS, since the real problem is as much the volume of
traffic as the type of traffic. Obviously, by "DDoS," I am referring to the
expansive, all-out mob-style attacks that made the term famous, not a set of
5 dial-up users who have been compromised. Even if the IDS can create rules
on the fly in your firewall while brewing you a perfect cup of macchiato and
taking your pet iguana for a walk, how can it possibly do any good when your
link is saturated out past the border of your own network?

> The CaptIo can create rules "on the fly" to protect against DDOS attacks
> in less than 3 seconds.