But what if it's the ISP co-location network that's overloaded, not the Akamai server itself at that facility? (eg a Denial of Service attack against some other site hosted at the same ISP)...
SpamAssassin is an implementation using perl that might also be useful. I believe this has more to it than just the Razor checking (it checks blacklists and headers etc.) - I have heard of some false-positives using it though, (but perhaps it just wasn't configured correctly.)
Deersoft have a Windows product based on SpamAssassin.
Indeed. When are these people going to learn that and IDS will *never* be Plug and Play. The reviewer seemed to think IDS's worked otherwise. IDS is complicated- There is no way around it. How do you know what an exploit for IIS/Apache/whatever is if it hasn't been discovered yet?
The article has absolutely no details into what they actually tested (in terms of previous/current/future exploits)- apart from their own internet connection. To me this sounds like an uninformed opinion.
In some ways I do agree that all IDS's seem rather dumb. Where's the Neural Network? Where is it not alerting you to things, until it's ascertained something *BAD* has happened, whereby it can pull all the previous data back for you?
Slashdot Mirror
But what if it's the ISP co-location network that's overloaded, not the Akamai server itself at that facility? (eg a Denial of Service attack against some other site hosted at the same ISP)...
Vipul's Razor is the protocol that Cloudmark uses.
SpamAssassin is an implementation using perl that might also be useful. I believe this has more to it than just the Razor checking (it checks blacklists and headers etc.) - I have heard of some false-positives using it though, (but perhaps it just wasn't configured correctly.)
Deersoft have a Windows product based on SpamAssassin.
Indeed. When are these people going to learn that and IDS will *never* be Plug and Play. The reviewer seemed to think IDS's worked otherwise. IDS is complicated- There is no way around it. How do you know what an exploit for IIS/Apache/whatever is if it hasn't been discovered yet?
The article has absolutely no details into what they actually tested (in terms of previous/current/future exploits)- apart from their own internet connection. To me this sounds like an uninformed opinion.
In some ways I do agree that all IDS's seem rather dumb. Where's the Neural Network? Where is it not alerting you to things, until it's ascertained something *BAD* has happened, whereby it can pull all the previous data back for you?