Kyle Quest wrote:
> This is just some background info on this new (D)DoS technology
> Radware has, so people have a better idea of what Avi is talking
> about...

Let's see...

> These parameters are:
> 1. Source IP.
[...]
> 17. DNS query ID.

Basically, any numeric parameter which can be extracted from a TCP flow then...

> They create dynamic filters and see what kind of effect they have
> and how the blocked traffic source behaves. Based on those results
> they adjust those filters.

OK, this is what any anomaly detection system would do. It would be nice if vendors sometimes added something like "how are we using the data" :)

> The way things work it's not unusual for them to block legitimate
> traffic for a very small period of time while they are trying to
> figure out if traffic they are processing is bad or good.

Yes, this is pretty much the idea of everyone in the field :-D

Stefano

--
Kind regards,
Stefano Zanero
Dottorando di Ricerca / Ph.D. Student
Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5 I-20133 Milano - ITALY
Tel. +39 02 2399-4010/3660
Fax. +39 02 2399-3411
E-mail: [EMAIL PROTECTED]
Web: www.elet.polimi.it/upload/zanero
