[j-nsp] Juniper ASP/ASM IDS real world?

Michael Loftis mloftis at wgops.com
Sat Mar 4 21:31:20 EST 2006


I'm really curious about any real world deployment and use of the IDS 
component in the ASPIC/ASModule on the M series (T, J?)...

From what I can tell, unless you tell it to log all of the drops, you can't
get it to log the source of the attack, just the destination.  That's fine 
and dandy enough...using SEC or similar could cause it to run over really 
quickly to the management UI and query for the particular problem sources.

To me, the source of the attack is far more important than the destination. 
Dest is important, but not as important as knowing where it came from so 
that aggressive sources can be blocked more permanently or widely than the 
ASM/ASP will do on its own inside of the IDS service.

To that end, is anyone out there deploying this in a real world scenario? 
Heck even lab experience would be nice to hear about too.

I googled the archives but didn't seem to find anything relevant.

--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler

