IDS: Re: Denial of Service: Commercial Defense products

Re: Denial of Service: Commercial Defense products

From: avi chesla <chess4_4_at_hotmail.com>
Date: Thu, 29 Dec 2005 20:08:23 +0200

Matt,

The integration of this technology started a few months ago. A version
with the adaptive behavioral DoS protection will be released in three weeks
(Jan 2006).

Avi

>From: FinAckSyn <finacksyn_at_yahoo.co.uk>
>To: avi chesla <chess4_4_at_hotmail.com>, devdas_at_dvb.homelinux.org,
>focus-ids_at_securityfocus.com
>Subject: Re: Denial of Service: Commercial Defense products
>Date: Thu, 22 Dec 2005 17:29:35 +0000 (GMT)
>
>Hi Avi,
>
>Having only just acquired V-Secure at the end of
>November you guys must have put in an amazing amount
>of manpower to integrate their technology into the
>DefensePro platform...
>A 3 week turnaround must be something you're all very
>proud of! :P
>Seriously though, when can we expect the first beta
>releases so we can get this tested?
>
>Cheers,
>
>Matt
>
>--- avi chesla <chess4_4_at_hotmail.com> wrote:
>
> > Hi Matt,
> >
> > It should be noted that I am an employee of Radware. The following answer is
> > informative only.
> >
> > The problem you have encountered has been handled in the latest versions of
> > the DefensePro.
> > A new mechanism (adaptive behavioral DoS protection) which aims to handle
> > all types of floods has been implemented. This new mechanism uses a mature
> > technology that was taken from V-Secure Technologies (this is involved with
> > the acquisition that Radware made). The new mechanism mitigates TCP (Syn and
> > also other TCP floods), UDP, ICMP and IGMP floods by using a statistical
> > adaptive approach (i.e., no thresholds need to be set). The mitigation
> > methods that this mechanism allows are highly granular which means that the
> > detected attack is blocked according to multiple characteristic parameters
> > taken from the packet headers and payload. These parameters (e.g.,
> > checksums, packet sizes, TTL, ports, DNS queries etc) are detected on the
> > fly and are automatically tailored through AND and OR logical
> > relationships in order to generate the most narrow prevention measure
> > against the detected attack (all in order to minimize the blocking of
> > legitimate users).
> > The integrated technology allows this whole process (detection and
> > prevention) to take place without user intervention.
> > If you test mitigation tools, you should especially focus on the granularity
> > and accuracy of the prevention rules that these tools provide.
> > Regarding Toplayer and Riverhead, the aforementioned new protection is
> > actually a breakthrough for Radware mitigation capabilities. I advise you
> > to test Radware's new DoS and DDoS solution compared to the other vendors –
> > I think that the differences can be easily exposed.
> >
> > Let me know if you need any more assistance.
> >
> > Avi
> >
> >
> > >From: FinAckSyn <finacksyn_at_yahoo.co.uk>
> > >To: avi chesla <chess4_4_at_hotmail.com>, devdas_at_dvb.homelinux.org,
> > >focus-ids_at_securityfocus.com
> > >Subject: Re: Denial of Service: Commercial Defense products
> > >Date: Fri, 16 Dec 2005 11:46:52 +0000 (GMT)
> > >
> > >Hi Avi,
> > >
> > >The big problem I had with RadWare DefensePro (this
> > >was about a year ago), was that I couldn't set the SYN
> > >cache timeout to anything less than 3 seconds. As the
> > >cache could only hold 64,000 SYNs, any SYN Flood
> > >larger than 64,000/3 = 21,333 SYN/s would completely
> > >fill the cache.
> > >This spelt disaster every time a SYN flood hit the
> > >network, as invalid SYNs filled up the cache, leaving
> > >no space for new, legitimate connections to be set up.
> > >True, the SYN Flood was mitigated, but at the expense
> > >of any new connections (existing ones were preserved),
> > >which is generally bad if you're dealing with critical
> > >applications and web presences.
> > >I would love to hear from RadWare as to whether or not
> > >this limitation has actually been fixed, and if it
> > >has, how their new technology now fares against the
> > >more mature mitigation products such as TopLayer and
> > >Riverhead.
> > >
> > >Rgds,
> > >
> > >Matt
> > >
> > >--- avi chesla <chess4_4_at_hotmail.com> wrote:
> > >
> > > > Hi, You should also consider Radware's DefensePro with their new behavioral
> > > > based DDoS protection.
> > > >
> > > > Avi
> > > >
> > > >
> > > > >From: Devdas Bhagat <devdas_at_dvb.homelinux.org>
> > > > >Reply-To: Devdas Bhagat <devdas_at_dvb.homelinux.org>
> > > > >To: focus-ids_at_securityfocus.com
> > > > >Subject: Re: Denial of Service: Commercial Defense products
> > > > >Date: Thu, 24 Nov 2005 21:59:41 +0530
> > > > >
> > > > >On 22/11/05 16:43 +0700, Ogle wrote:
> > > > > > > Hi,
> > > > > > > I have an ISP customer who wants to protect their network and their
> > > > > > > subscriber's network.
> > > > > > > In "Internet Denial of Service: Attack and Defense Mechanisms" book, I
> > > > > > > noticed 7 commercial products.
> > > > > > > 1. Mazu Enforcer by Mazu Networks
> > > > > > > 2. Peakflow by Arbor Networks
> > > > > > > 3. WS Series Appliances by Webscreen Technologies
> > > > > > > 4. Captus IPS by Captus Networks
> > > > > > > 5. MANAnet Shield by CS3
> > > > > > > 6. Cisco Traffic Anomaly Detector XT and Cisco Guard XT
> > > > > > > 7. StealthWatch by Lancope
> > > > > > >
> > > > > > > Since I'm new with this type of products, is there any reference out
> > > > > > > there to help me choose the right solution to my customer ?
> > > > > > > Is there any problem if I use IPS (ie: TippingPoint, McAfee) for this
> > > > > > > solution ?
> > > > >
> > > > >What kind of DoS? Is this a simple packet flooding choking the pipe? Is
> > > > >this an application layer attack? Syn floods? Physical damage to links?
> > > > >
> > > > >Devdas Bhagat
> > > > >
>=== message truncated ===
Received on Jan 02 2006
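
Added example, not part of the original thread: a small Python model of the fixed-size SYN cache described in the quoted message (64,000 entries, 3-second minimum timeout), showing the saturation rate computed there and how the share of legitimate SYNs that find a free slot falls once a flood exceeds it. The admission model, the 500 SYN/s legitimate load and the 1-second comparison timeout are assumptions chosen for illustration, not DefensePro behaviour.

```python
from collections import deque

def saturation_rate(capacity, timeout_s):
    """Flood rate (SYN/s) at which never-completed entries alone fill the cache."""
    return capacity / timeout_s

def legit_admit_ratio(capacity, timeout_s, flood_rate, legit_rate,
                      duration_s=12.0, tick_s=0.01):
    """Simulate a fixed-size SYN cache; return the fraction of legitimate SYNs
    that found a free slot, averaged over the last two timeout periods.

    Model assumptions (constructed for illustration): flood SYNs never complete
    the handshake and hold a slot until timeout; legitimate SYNs complete at
    once and release their slot; within a tick, free slots are shared in
    proportion to arrivals.
    """
    expire_ticks = round(timeout_s / tick_s)
    total_ticks = round(duration_s / tick_s)
    window_start = total_ticks - 2 * expire_ticks
    pending = deque()            # flood entries admitted per tick, oldest first
    used = offered = admitted = 0.0
    for t in range(total_ticks):
        if len(pending) == expire_ticks:
            used -= pending.popleft()          # entries hit the cache timeout
        flood, legit = flood_rate * tick_s, legit_rate * tick_s
        free = max(0.0, capacity - used)
        arrivals = flood + legit
        share = min(1.0, free / arrivals) if arrivals else 1.0
        pending.append(flood * share)
        used += flood * share
        if t >= window_start:
            offered += legit
            admitted += legit * share
    return admitted / offered if offered else 1.0

if __name__ == "__main__":
    CAPACITY, TIMEOUT = 64_000, 3.0            # figures quoted in the thread
    limit = saturation_rate(CAPACITY, TIMEOUT)
    print(f"saturation at {limit:,.0f} SYN/s")
    for factor in (0.5, 1.0, 2.0, 10.0):
        ratio = legit_admit_ratio(CAPACITY, TIMEOUT, factor * limit, 500)
        print(f"flood {factor * limit:>9,.0f} SYN/s -> legit admitted {ratio:.0%}")
    # Hypothetical 1 s timeout (the setting the poster could not configure).
    print(f"1 s timeout saturates at {saturation_rate(CAPACITY, 1.0):,.0f} SYN/s")
```

When evaluating a mitigation device, the same two figures (state-table capacity and minimum entry timeout) give the flood rate above which new legitimate connections start to be refused.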
