Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: IPS!! Intrusion prevention systems

  1. #11
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Sounds more like a "smart tarpit" to me. I wonder if I did this lil' thing here and some lil' thing there, I could get a tarpit doing the same thing without having to spend thousands of dollars on it? What do you guru's think?
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  2. #12
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Yeah, many people say that IPS systems are nothing more than a rehash of existing technology with a hip and happening new name. Personally, I happen to lean toward that point of view but it's always nice to look it over just incase there is added features, benefits and/or value.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #13
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    Posts
    551
    If I can have my "IDS" not only alert me but also protect the network by initiating proactive measures to block an attack I would rather have that over the simple alert notification.
    Although some of the things being talked about here are a bit more advanced than what's been around, I don't think this is really anything revolutionary. Portsentry is one package I can think of that has been doing this for years now. I've never used it personally, but my understanding is that it can detect a port scan, which is usually the first stage of an attack, and then perform any number of responses ranging from logging the scanner's IP address to launching a retaliatory script of some sort. It can dynamically drop all packets originating from the attacker's IP and add the address to hosts.deny.

    It would be interesting to see a product that could detect more advanced kinds of attacks than a portscan, though. I do agree that this is an area ripe for development, but it's not really a new idea.
    Do what you want with the girl, but leave me alone!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •