
re: [FW1] Intrusion Detection




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Personally, I'd be extremely hesitant about implementing any kind of
automated response system.  NIDS are well known for getting boatloads of
false positives.  And of course there's always the worry that once someone
realizes you're using an auto-response system, how long before it takes
them to figure out how to use it against you?  (i.e. forging packets from
other IPs to create a DoS attack)

- -- 
Aaron D. Turner  Security Architect, OneSecure  http://www.onesecure.com/
[email protected]  work:cell:pub  1024D/1B57EB4D 2000-09-27 Aaron D. Turner <[email protected]>
     Key fingerprint = F90C BFB4 4404 5504 295D  4435 578B 1DD5 1B57 EB4D
All emails by me are PGP signed; an invalid signature indicates a forgery.

On Fri, 12 Jan 2001, Jon Vandiveer wrote:

[snip]

> Just remember that Intrusion Detection is different from Intrusion Response.
> i.e. Sn0rt does detection, but cannot Block connections; while RealSecure
> can issue commands to FW's and routers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Public key 0x1B57EB4D at: http://www.keyserver.net/en/
Filter: gpg4pine 4.1 (http://azzie.robotics.net)

iEYEARECAAYFAjpfeVkACgkQV4sd1RtX603znACeImJJAHSa6ebOOxZg9t5uN7qn
MZMAnAlfDNxWDXFItPsoCeBcibXZQevu
=1IHk
-----END PGP SIGNATURE-----


