Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Denial of Service: Commercial Defense products

from [snort user] Network Security [Permanent Link]
Subject: Re: Denial of Service: Commercial Defense products
Date: Sun, 18 Dec 2005 12:55:08 -0500 
If you set the timeout to less than 3 seconds, the system would be blocking
everything including legitimate connection.
The solution will be to increase the cache size.

On 12/16/05, FinAckSyn <finacksyn@yahoo.co.uk> wrote:

Hi Avi,

The big problem I had with RadWare DefensePro (this
was about a year ago), was that I couldn't set the SYN
cache timeout to anything less than 3 seconds.  As the
cache could only hold 64,000 SYNs, any SYN Flood
larger than 64,000/3 = 21,333 SYN/s would completely
fill the cache.
This spelt disaster every time a SYN flood hit the
network, as invalid SYNs filled up the cache, leaving
no space for new, legitimate connections to be setup.
True, the SYN Flood was mitigated, but at the expense
of any new connections (existing ones were preserved),
which is generally bad if you're dealing with critical
applications and web presences.
I would love to hear from RadWare as to whether or not
this limitation has actually being fixed, and if it
has, how their new technology now fares against the
more mature mitigation products such as TopLayer and
Riverhead.

Rgds,

Matt

--- avi chesla <chess4_4@hotmail.com> wrote:


Hi, You shoould also consider Rdaware's DefensePro
with their new behavioral
based DDoS protection.

Avi



From: Devdas Bhagat <devdas@dvb.homelinux.org>
Reply-To: Devdas Bhagat <devdas@dvb.homelinux.org>
To: focus-ids@securityfocus.com
Subject: Re: Denial of Service: Commercial Defense

products

Date: Thu, 24 Nov 2005 21:59:41 +0530

On 22/11/05 16:43 +0700, Ogle wrote:

Hi,
I have an ISP customer who want to protect their

network and their

subscriber's network.
In "Internet Denial of Service: Attack and

Defense Mecahnisms" book, I

noticed 7 commercial products.
1. Mazu Enforcer by Mazu Networks
2. Peakflow by Arbor Networks
3. WS Series Apliances by Webscreen Technologies
4. Captus IPS by Captus Networks
5. MANAnet Shield by CS3
6. Cisco Traffic Anomaly Detector XT and Cisco

Guard XT

7. StealthWatch by Lancope

Since I'm new with this type of products, is

there any reference out

there to help me choose the right solution to my

customer ?

Is there any problem if I use IPS (ie:

TippingPoint, McAfee) for this

solution ?

What kind of DoS? Is this a simple packet flooding

choking the pipe? Is

this an application layer attack? Syn floods?

Physical damage to links?


Devdas Bhagat



------------------------------------------------------------------------

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to



http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.


------------------------------------------------------------------------






_________________________________________________________________

Express yourself instantly with MSN Messenger!
Download today it's FREE!


http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/





------------------------------------------------------------------------

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to


http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708


to learn more.


------------------------------------------------------------------------








___________________________________________________________
To help you stay safe and secure online, we've developed the all new Yahoo! 
Security Centre. http://uk.security.yahoo.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Denial of Service: Commercial Defense products, avi chesla
Next by Date:  RE: Remote IDS Testing - Config question, Hank . Schupp
Previous by Thread:  Re: Denial of Service: Commercial Defense products, avi chesla
Next by Thread:  RE: Denial of Service: Commercial Defense products, Kyle Quest
Indexes:  [Date] [Thread] [Top] [All Lists]