Commenting on an email I read earlier today, some people apparently still have the misconception that an IPS simply sends an RST packet, and therefore, shortly after a session that is taking place between two parties should die.
Nope.
A real IPS, in my opinion, has full control of the traffic. Cable one, exits firewall, enters port 1 on IPS, cable 2, exits port 2 on IPS and goes to switch.
While the traffic is passing through the IPS, the engine (in Sourcefire's case -- Snort) makes the decision if the traffic that entered port 1 should be allowed to go out port 2 and vice versa.
Can Sourcefire's devices send RST packets? Sure! But why would you want to give away where your IPS was on the network? Why not just silently drop the connection into the big bit bucket in the sky and go on about your day?
Oh. And do this at >10 Gig a second? Yeah it's awesome.
Please leave comments below.
1 comment:
[...] research Roock RST 650 - Specialty File. Visit CARandDRIVER.com now for the latest automotive news.IPS's don't just send RST packets. | FinshakeCommenting on an email I read earlier today, some people apparently still have the misconception [...]
Post a Comment