Network Security Focus-IDS

Re: Denial of Service: Commercial Defense products

Subject: Re: Denial of Service: Commercial Defense products
Date: Tue, 03 Jan 2006 23:45:44 +0100
Kyle Quest wrote:
> This is just some background info on this new (D)DoS technology
> Radware has, so people have a better idea of what Avi is talking
> about...

Let's see...

> These parameters are:
> 1.    Source IP.
> [...]
> 17.   DNS query ID.

Basically, any numeric parameter which can be extracted from a TCP flow
then...

> They create dynamic filters and see what kind of effect they have
> and how the blocked traffic source behaves. Based on those results
> they adjust those filters.

OK, this is what any anomaly detection system would do. It would be nice
if vendors sometimes added something like "how are we using the data" :)

> The way things work it's not unusual for them to block legitimate
> traffic for a very small period of time while they are trying to
> figure out if traffic they are processing is bad or good.

Yes, this is pretty much the idea of everyone in the field :-D

Stefano
-- 
Kind regards,
Stefano Zanero
Ph.D. Student

Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5 I-20133 Milano - ITALY
Tel.    +39 02 2399-4010/3660
Fax.    +39 02 2399-3411
E-mail: zanero@elet.polimi.it
Web:    www.elet.polimi.it/upload/zanero
