Popular Misconception: IPS can block DDoS attacks!

IPS products provide near-complete protection at the application layer. Yet for all their capabilities, their weaknesses cannot be ignored. Today's DDoS attacks are built from what are called valid packets: traffic that is well-formed at the protocol level. An IPS inspects packet headers and payloads against its signature database, and because these packets match no signature, it lets them through. An advanced DDoS attack built from valid packets therefore succeeds.
Although IPS systems have some anomaly-based capabilities, they require extensive manual setup by specialists, and their signatures must be tuned by a team of experts. It is also clear that the signatures present in today's IPS systems are inadequate for detecting current advanced DDoS attacks. Taken together, this means an attack that should have been stopped within seconds is not stopped at all. And when the attack logs are later analyzed by the expert team, the attack may be identified far too late, or never.
Another weakness is that these devices are physically outmatched by volumetric attacks. Today's smart hackers know that, because of their hardware and software architecture, IPS devices cannot sustain high request volumes, and that their session tables fill up under a stream of session requests that carry little payload. Once a smart hacker has identified an IPS product, the aim is to drive the device's CPU to 85-95%, either by launching a volumetric attack against another reachable service or by sending low-payload session requests, at which point the IPS switches into bypass mode. With the IPS disabled this way, the hacker then reaches the information, service or device it was protecting.
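As an added illustration (not part of the original post), the following constructed traffic shows why per-packet signature inspection sees nothing in a flood of protocol-valid requests, while aggregate request rate and half-open session counts do reveal it; the addresses, thresholds and signatures are assumptions chosen for the example.

```python
"""Why per-packet signature inspection misses a flood of protocol-valid requests,
and what a rate/behaviour view sees instead. Example added for this post; the
traffic below is constructed, not captured."""
import re
from collections import Counter

# Constructed traffic as (timestamp_s, src_ip, syn_only, request_line).
# Five normal clients, one request each, spread over 20 seconds ...
NORMAL = [(t, f"10.0.0.{i}", False, "GET /index.html HTTP/1.1")
          for i, t in enumerate(range(0, 20, 4), start=1)]
# ... plus a 20-request-per-second flood of well-formed GETs spread across 250
# sources (TEST-NET-3 addresses); every third connection is a bare SYN.
FLOOD = [(t / 20, f"203.0.113.{t % 250 + 1}", t % 3 == 0, "GET / HTTP/1.1")
         for t in range(400)]
EVENTS = sorted(NORMAL + FLOOD)

# Toy content signatures of the kind an IPS matches per packet (assumed set).
SIGNATURES = [re.compile(p) for p in (r"\.\./\.\./", r"(?i)union\s+select", r"<script")]

def signature_hits(events):
    """Per-packet content inspection: number of requests matching any signature."""
    return sum(1 for *_, req in events if any(s.search(req) for s in SIGNATURES))

def max_per_source(events):
    """Requests from the busiest single source; a distributed flood keeps this low."""
    return max(Counter(src for _, src, *_ in events).values())

def rate_alerts(events, window_s=1.0, max_requests=10):
    """Aggregate request count per window; returns the windows over the threshold."""
    per_window = Counter(int(ts // window_s) for ts, *_ in events)
    return sorted(w for w, n in per_window.items() if n > max_requests)

def half_open(events):
    """Connections that never complete the handshake (session-table pressure)."""
    return sum(1 for _, _, syn_only, _ in events if syn_only)

if __name__ == "__main__":
    print("signature hits:", signature_hits(EVENTS))                # 0: every request is valid
    print("max requests from one source:", max_per_source(EVENTS))  # 2: per-source limits are blind
    print("windows over rate threshold:", rate_alerts(EVENTS))      # [0, 1, ..., 19]
    print("half-open sessions:", half_open(EVENTS))                 # 134
```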