11-27-2013 04:20 AM - edited 03-10-2019 06:06 AM
Hi all
I have been reading some info on ips and ddos
I believe that IPS cannot really deal with DDOS attack as they only look at traffic from one source etc.
can anyone tell me if IPS can prevent ddos? or should you be looking at something else ?
cheers
11-27-2013 09:32 AM
Cisco IPS sensors can provide limited DDoS protection under a small set of circumstances (all three must be satisfied):
1. The DDoS attack has a signature.
2. The signature correctly triggers (you'll never know what string the signature triggers on, because Cisco keeps that information secret, unlike some other vendors like SourceFire).
3. The DDoS attack is not volumetric (most DDoS attacks relay on a greater volume of traffic overwhelming your access capacity) It doesn't matter how well an IPS sensor can detect and block traffic if your access pipe is full.
- Bob
12-20-2013 02:36 PM
Here is signature refers to DDoS 1493/0 :
Interesting information about DDoS from SIO (Cisco Security Intelligence Operations ) perspective:
http://blogs.cisco.com/security/csro-perspective-on-financial-DDoS-attacks/
http://www.cisco.com/web/about/security/intelligence/ERP-financial-DDoS.html
Jhn
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide