Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: stateful vs stateless

from [Jet] Network Security [Permanent Link]
Subject: Re: stateful vs stateless
Date: Mon, 22 Nov 2004 08:43:24 +0800 
Hi Jochen, let me expand your question a bit to make it clearer.

On Fri, 19 Nov 2004 12:35:51 +0100, Jochen Vogel <jvogel@it-sec.de> wrote:

hi,

-what are doing the stateful and stateless doing exactly in an IPS?
-what are the differences?
-how is the behaviour in an high availabilty environment?



1. How exactly the stateful and stateless doing in an IPS?

Depend on the location of the IPS. 
If the IPS is behind a stateful firewall, then not much differences.
If the IPS is not behind any firewall or merely protected by stateless
firewall, then: -
- Stateful feature helps to reduce false alarm.
- Stateful feature helps to speed up the detection process

2. What are the differences between stateful and stateless in an IPS?

Both the stateful and stateless are happened at the detection process,
not at the protection/prevention process. Their differences should be
very clear.
Stateless detection might contain higher rate of false alarm.

3. How should them behave in an HA environment?

I haven't experienced any IPS in a HA network.
And I will let other expert to answer this better.
Anyway, I think the IPS should assume everything are stateless.

-- 
Jet

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: parsing very large tcpdump files, Carlos Henrique P C Chaves
Next by Date:  Re: ISS Siteprotector as syslog server?, Andres Riancho
Previous by Thread:  stateful vs stateless, Jochen Vogel
Next by Thread:  query regarding snort customization, gaurav_jindal
Indexes:  [Date] [Thread] [Top] [All Lists]