How about using a different network element for gaining a bit of both? There are devices that can dynamically change their role. They can behave as taps, allowing detection only on the IPS side, and can forward the traffic through the IPS (as with an inline implementation). Using such a device allows your IDS/IPS to be in a "local out-of-path" environment during peacetime, thus reducing the chances of network problems caused by the IPS and avoiding the additional latency. When an attack is detected, traffic can be diverted to pass through the IPS and be blocked/dropped/mitigated/etc.
Of course, the main con with such environments is that a single-packet event cannot be addressed by blocking/dropping. However, the RST-sending race is still relevant, as mentioned in this thread.

-- Ichilov

View this message in context: http://old.nabble.com/IDS-causing-troubles-tp30819753p30964057.html
Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.
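The trade-off described in the post, as an added toy model that is not part of the original message or of any vendor's product: a bypass element that runs in tap mode until the sensor flags a flow, then diverts that flow through the IPS, compared against a classic always-inline IPS on the same constructed packets. The signature, the 2 ms sensor delay and the latency figures in the RST race are all assumed for illustration.

```python
"""Toy model of a dynamically switching tap/inline IPS (constructed example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    flow: tuple      # (src, sport, dst, dport); hypothetical flow key
    seq: int         # TCP sequence number of the first payload byte
    payload: bytes
    t: float         # arrival time at the bypass element, in seconds


@dataclass
class DynamicTapIPS:
    """Bypass element: in tap mode every packet is already on the wire when
    the sensor sees its copy; only after an alert is the flow forced through
    the IPS and dropped.  always_inline=True models the classic inline IPS."""
    signatures: tuple = (b"/etc/passwd",)   # assumed toy signature
    sensor_delay: float = 0.002             # assumed alert-and-divert time
    always_inline: bool = False
    diverted: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def _malicious(self, pkt: Packet) -> bool:
        return any(sig in pkt.payload for sig in self.signatures)

    def forward(self, pkt: Packet) -> bool:
        """Return True if the packet reaches its destination."""
        if self.always_inline:
            # Inline: the packet waits for the verdict, so it can be dropped.
            if self._malicious(pkt):
                self.log.append((pkt.t, "drop-inline", pkt.seq))
                return False
            return True
        if pkt.flow in self.diverted:
            # Flow was diverted through the IPS after an earlier alert.
            self.log.append((pkt.t, "drop-diverted", pkt.seq))
            return False
        if self._malicious(pkt):
            # Tap mode: this packet already went through; only later
            # packets of the flow can be stopped (the "single packet" con).
            self.diverted.add(pkt.flow)
            self.log.append((pkt.t + self.sensor_delay, "divert", pkt.flow))
        return True


def rst_wins(sensor_delay: float, rst_latency: float, server_think: float) -> bool:
    """The RST race: the sensor injects an RST toward the server once it
    alerts; the RST helps only if it lands before the server has finished
    acting on the offending request.  All three values are assumptions."""
    return sensor_delay + rst_latency < server_think


FLOW = ("10.0.0.5", 40000, "10.0.0.80", 80)   # constructed flow key

# Constructed packets: a benign request, the offending one, and a follow-up.
PACKETS = (
    Packet(FLOW, 1, b"GET / HTTP/1.0\r\n\r\n", 0.000),
    Packet(FLOW, 20, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n", 0.010),
    Packet(FLOW, 55, b"GET /next HTTP/1.0\r\n\r\n", 0.020),
)


def delivered_seqs(always_inline: bool) -> list:
    """Sequence numbers that reach the server under each deployment mode."""
    ips = DynamicTapIPS(always_inline=always_inline)
    return [p.seq for p in PACKETS if ips.forward(p)]


if __name__ == "__main__":
    print("dynamic tap/inline delivered:", delivered_seqs(False))   # [1, 20]
    print("always inline delivered:    ", delivered_seqs(True))    # [1, 55]
    print("RST wins (slow server):", rst_wins(0.002, 0.001, 0.005))  # True
    print("RST wins (fast server):", rst_wins(0.002, 0.001, 0.001))  # False
```

The two delivered lists show the trade-off in one place: the dynamic element lets the offending packet (seq 20) through but then kills the rest of the flow, while the always-inline IPS drops exactly that packet and lets the flow continue. Whether an injected RST can still undo the damage of the packet that got through depends entirely on the timing in rst_wins, which is why the race is still worth caring about in the out-of-path design.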
