 
Subject: Re: Can someone explain this to me? (Was "network based IDS")
From: Joseph Nicholas Yarbrough (nyarbroughLURHQ.COM)
Date: Thu Nov 30 2000 - 19:13:29 CST


I have always understood that if it can create firewall rules, then it is a
RIDS (Reactive IDS), not an IDS. If it is a RIDS, as the message implies,
then it could be "rarely" good at preventing them.

-Nick

On Thursday 30 November 2000 19:03, you wrote:

> > The simple answer is that it can't. That's what Firewalls and Routers are
> for :). IDS, as implied by its name, is really good at detecting
> problems, and is rarely good at preventing them.
>
> Jon
> -----Original Message-----
> From: Focus on Intrusion Detection Systems
> [mailto:FOCUS-IDSSECURITYFOCUS.COM]On Behalf Of Rob Shein
> Sent: Thursday, November 30, 2000 2:58 PM
> To: FOCUS-IDSSECURITYFOCUS.COM
> Subject: Can someone explain this to me? (Was "network based IDS")
>
>
> Ok, I'd really like to know how an IDS is possibly going to be able to
> protect against a DDoS, since the real problem is as much the volume of
> traffic as the type of traffic. Obviously, by "DDoS," I am referring to
> the expansive, all-out mob-style attacks that made the term famous, not a
> set of 5 dial-up users who have been compromised. Even if the IDS can
> create rules on the fly in your firewall while brewing you a perfect cup of
> macchiato and taking your pet iguana for a walk, how can it possibly do any
> good when your link is saturated out past the border of your own network?
>
> > The CaptIo can create rules "on the fly" to protect against DDOS
> > attacks in less than 3 seconds.
