You are right that these kinds of DoS attacks are difficult to detect
at Network IDS/IPS level due to the problems you mentioned - false
positives and false negatives.
I suggest that you consider "version" of cisco routers in your rules
to avoid false positives in deployment scnearios where CISCO r...
at Network IDS/IPS level due to the problems you mentioned - false
positives and false negatives.
I suggest that you consider "version" of cisco routers in your rules
to avoid false positives in deployment scnearios where CISCO r...
[ more ]