Re: RE : Denial of Service: Commercial Defense products

Thu, 01 Dec 2005 21:43:30 -0800 



Arobr Peakflow/X is a NetFlow-based behavioral anomaly-detection  
system; it models communications relationships, and generates  
anomalies when odd/disallowed communications relationships are  
established.  I've played with it in the lab, but not used it in  
production as I have Arbor Peakflow SP; it's an interesting product,  
with the potential to detect compromised hosts which aren't  
performing explicitly hostile actions such as launching DDoS attacks  
or mass spamming, but that are scanning more more hosts to  
compromise, communicating with botnet controllers, etc.


On Nov 25, 2005, at 6:26 PM, Bourque Daniel wrote:



Anybody have test PeakFlow-X from Arbon Networks inside their network?

Anybody using it?

-----Message d'origine-----
De : Nathan Davidson [mailto:[EMAIL PROTECTED]
Envoyé : 24 novembre, 2005 11:36
À : Joel Friedman; [email protected]
Objet : RE: Denial of Service: Commercial Defense products


I performed the same tests and larger on the Toplayer 5500-1000 with

virtually zero latentcy. Throughput is very important, so is the  
size of
your pipe and the ability to finely tune policy. This is why I  
think the

Toplayer is a good choice for most implmentations.


IMHO the Riverhead and Arbor are also good products for ISPs  
looking to do a
large backbone deployment as they can dynamically change routing in  
the

network based on anomily detection (this also means extra equipment is

required). Whilst the Toplayer is good for proxy based and point  
solutions,

bare in mind that a point solution can be a multi gig pipe.



        -----Original Message-----
        From: Joel Friedman [mailto:[EMAIL PROTECTED]
        Sent: Wed 23/11/2005 20:07
        To: [email protected]
        Cc:
        Subject: RE: Denial of Service: Commercial Defense products
        
        


---------------------------------------------------------------------- 
--

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.

Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- 
ids_040708

to learn more.

---------------------------------------------------------------------- 
--


--------------------------------------------------------------------
Roland Dobbins <[EMAIL PROTECTED]> // 408.527.6376 voice

 Algorithm agility is an essential feature in any Internet protocol.

                     -- Bruce Schneier




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------























					Reply via email to