DoS Attacks on Network IDS

– Resource exhaustion
  – CPU resources
  – memory
  – network bandwidth

– Abusing reactive IDS
  – false positives
  – nuisance attacks or “error” packets/connections

Intrusion Prevention System (IPS)

– also known as intrusion detection and prevention system (IDPS)
– is an extension of an IDS that includes the capability to attempt to block or prevent detected malicious activity
– can be host-based, network-based, or distributed/hybrid
– can use anomaly detection to identify behavior that is not that of legitimate users, or signature/heuristic detection to identify known malicious behavior
– can block traffic as a firewall does, but makes use of the types of algorithms developed for IDSs to determine when to do so