Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

focus-ids logo IDS mailing list archives

RE: Signatures taking down network
From: "Ghetti, Tim" <tghetti () air-worldwide com>
Date: Wed, 18 Jan 2006 19:37:39 -0500
Had the same thing happen to all my xp sp2 systems when Trendmicro
decided to release a virus pattern update that wasn't thoroughly tested.
If you plan on automating updates, just be sure to have some sort of QA
first. Tough when the systems are expensive, but if you want HA you have
to pay for it!

Good luck!


-----Original Message-----
From: David Williams [mailto:dwilliamsd () gmail com] 
Sent: Saturday, January 14, 2006 9:04 AM
To: focus-ids () securityfocus com
Subject: Signatures taking down network

I'm evaluating a Tipping Point box and after gettting the 
latest signatures I'm having problems with the box 
"crashing".  My goal is not to bash Tipping Point, but 
instead to gather information on how often people have seen 
this type of thing among IPS boxes.

Is there a trend with vendors to roll out signatures as fast 
as possible without proper QA?  This brings up a lot of 
questions about deploying IPS.  I want two opposite things 
from my vendors:  1) I want the latest signatures super fast. 
 2)  I want proper QA so that it doesn't bring down my 
network.  I realize those two things are contradictory, but I 
thought I'd throw it out there to see if anybody had any thoughts.

thanks,

d

--------------------------------------------------------------
----------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world 
attacks from CORE IMPACT.
Go to 
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------
----------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]