


IDS: RE: RE : Experiences with Toplayer Attack Mitigator IPS

From: Bob Walder <bwalder_at_spamcop.net>
Date: Wed, 22 Oct 2003 08:55:13 +0200

The Intrusion Prevention Systems Group Test report (Edition 1) on which
we are working at the moment will be published December 19th
(www.nss.co.uk).

With the indulgence of those on this mailing list, I will be sure to
post a note here as soon as it is available.

It will include reviews of the main players in the Network IPS market
space - Top Layer, Intruvert/NAI, Tippingpoint and NetScreen - as well
as some of the host guys.

For those IPS vendors - host or network - who monitor this list and
would like to be in Edition 2 of the report (or IDS vendors who wish to
be in the next edition of our IDS/Gigabit IDS reports), feel free to get
in touch - we don't bite ;o)

See our Web site for current versions of the IDS reports
(www.nss.co.uk/ids and www.nss.co.uk/gigabitids).

Regards,

Bob Walder
Director
The NSS Group


>> -----Original Message-----
>> From: Bourque Daniel [mailto:Daniel.Bourque_at_loto-quebec.com]
>> Sent: 22 October 2003 04:19
>> To: 'Alvin Wong'; Pat Stangler
>> Cc: focus-ids_at_securityfocus.com
>> Subject: RE : Experiences with Toplayer Attack Mitigator IPS
>>
>>
>>
>> What you are saying is how can I justify to my boss to
>> install a new security device after investing in 1 FW, IDS,
>> failover FW, second layer of fw, antivirus, second level of
>> antivirus, third level of antivirus, anti-spam software, 24x7
>> monitoring, second e-mail server, encryption, vpn server, ...
>>
>> It's easy, you scare him...
>>
>> :o)
>>
>> Btw, when the report is available, please post a note here...
>>
>>
>> -----Original Message-----
>> From: Alvin Wong [mailto:alvin.wong_at_b2b.com.my]
>> Sent: 21 October 2003 04:23
>> To: Pat Stangler
>> Cc: focus-ids_at_securityfocus.com
>> Subject: Re: Experiences with Toplayer Attack Mitigator IPS
>>
>>
>> Hi Pat,
>>
>> Thanks for sharing your experiences, I can understand what it
>> would be like in your situation. According to the Top Layer guys,
>> Top Layer is great at dealing with DOS attacks. I'm still
>> waiting for the report from the network intrusion uk guys
>> who are coming out with the IPS shootout comparison soon.
>> Hopefully, a clearer picture performance wise can be
>> obtained and allow me to make a recommendation.
>>
>> Just attended a seminar today where Fortinet introduced
>> their products, seems impressive but how's the comparison
>> with other all-in-one products, as security vendors are so
>> fond of touting nowadays?
>>
>> The thing I can't figure out is how can the enterprise
>> justify purchasing an all in one solution on top of their
>> existing network infrastructure which presumably is made up
>> of parts and more of what the integrated solution is
>> offering? e.g. firewall...vpn..antivirus..
>>
>> Regards,
>> Alvin
>>
>>
>>
>>
>> On Tue, 2003-10-21 at 00:47, Pat Stangler wrote:
>> > In-Reply-To: <1066388506.2643.130.camel_at_localhost.localdomain>
>> >
>> > >Hi,
>> > >
>> > >I am currently looking at Top Layer's Attack Mitigator IPS and looking
>> > >for people who are currently utilising Top Layer in their
>> > >organisations to share their experience. How do you rate the product
>> > >so far? Any difficulties and whether it serves its purpose/product
>> > >satisfaction? I've heard stories by the NetScreen sales guys whereby
>> > >Top Layer becomes just another switch in the organisation and not
>> > >doing anything much. Of course, I'm sceptical of all this talk which
>> > >is why I'm hoping for some 'real world' input from any guys out here
>> > >who are deploying it.
>> > >
>> > >Thanks in advance,
>> > >Alvin
>> > >
>> >
>> > Alvin,
>> >
>> > I truly can't say enough about both the Top Layer staff and the
>> > products they develop!
>> >
>> > Netscreen says it's just another switch? That's so far from the truth
>> > it's pathetic!!
>> >
>> > I own a small, but large hosting company serving over 3000 clients,
>> > domains, etc. Back in July, we were attacked by a "very" sophisticated
>> > DDoS attack from over 800 compromised servers/machines across the
>> > globe, traffic exceeded 80-Mbps a second of traffic, locking up
>> > routers, firewalls, etc. We were down for 3 days while our backbone
>> > provider worked diligently to stop these attacks by placing various
>> > filters on the switch directly on the backbone just before our network
>> > interface, nothing seemed to work, they'd block port 53 and the attack
>> > would grab another port instantly so it was impossible to block this
>> > thing with the current network infrastructure, layer 7 switches,
>> > firewalls, routers, etc.
>> >
>> > After a day or so of trying anything and everything, we found the Top
>> > Layer folks, made the call and started the process of obtaining an IPS
>> > device. This was approx 6pm CST on a Friday night (7pm EST, where the
>> > Top Layer folks are located). Anyway, I was given one of the sales
>> > guys' cell number to make arrangements to obtain an IPS unit. We
>> > talked a couple of times, and being in St. Louis/Chicago it was sort
>> > of difficult to get a flight at such late notice to Logan in Boston,
>> > they offered to overnight the device on Monday, but we couldn't go
>> > another 3 days of being down waiting for it, so I got the next flight
>> > to Boston on Saturday, Dave from Top Layer agreed to meet me closer to
>> > the airport. I left St. Louis at 10:30am CST and was back on a plane
>> > to Chicago by 4pm or so, landed in Chicago and shot over to our NOC, I
>> > plugged the IPS unit in, set a few filters to mitigate various
>> > protocols and within 20 minutes our network was up at 100%, while
>> > still getting hit with 80Mbps+ a second.
>> >
>> > I really can't say enough about the Top Layer IPS device. We get
>> > attacked on a daily basis for some reason and from dozens of sources
>> > and we never see any network latency or deficiencies. You can set
>> > custom filters within the control panel to block all of the new
>> > exploits/vulnerabilities, etc as well.
>> >
>> > If you need further info, let me know and I'll be glad to help out,
>> > but as it stands now, I couldn't sleep at night without knowing the
>> > IPS was securing our network.
>> >
>> > Thanx!
>> > Pat Stangler
>> > Chicago Webs
>> >
>> >

Received on Oct 23 2003
