Results 1 to 3 of 3

Thread: TippingPoint IPS

  1. #1
    Senior Member
    Join Date
    Oct 2002
    Posts
    314

    TippingPoint IPS

    Has anyone had experiences (good or bad) with the TippingPoint Intrusion Prevention system? If so could you share your thoughts.

    thanks.

    after this sat around for a while ...

    How about IPS in general? anyone had any experiences good or bad with IPS?
    Quis custodiet ipsos custodes

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I didn't respond initially because I have nothing to say about this product in particular. But since you got no "bites" I'll throw my 2c into the ring......

    I don't like IPS's for one simple reason. In theory they give an attacker with the opportunity to DoS you. Furthermore, the IPS will be fairly recognizable as just that, an IPS, so it then makes the attackers job easier if he just wants to screw with you.

    There was an IPS, (it may have been this one), that was an interesting concept. It looked, specifically, for reconnaisance actions and fed back erroneous data and stored what it sent in a database. Then, if an attack was initiated against that service on that "imaginary" IP the system would pretend not to cooperate IIRC. No harm done to the network. It's a bit like a honeynet but something unconvinced me about it's effectiveness. I think there was a thread about it here about 18 months ago but I have no idea what to put into the search....

    If someone can come up with an IPS that wouldn't make itself pretty obvious to the attacker then I might be interested.... I just have some problem working out how that can be acheived.... OTOH, there's a lot of people out there that are a lot smarter than me.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Thanks Tiger.

    I am engaged in 'intense' negotiations with a client who insists an IPS is all they need....I have the NSS reporton Tipping Point which indicates its the best one, but as you say, still in no way a silver bullet.
    Quis custodiet ipsos custodes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •