Re: [FW1] Intrusion Detection
Yup, but I don't like getting paged @ 3am when the script kiddies are online. I would rather lock them down and worry about it in the morning.

So I guess you are saying there is no one good product for everyone..... Didn't I say that before.....

Jon

----- Original Message -----
From: "Aaron D. Turner" <[email protected]>
To: "Jon Vandiveer" <[email protected]>
Cc: <[email protected]>
Sent: Friday, January 12, 2001 4:38 PM
Subject: re: [FW1] Intrusion Detection

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Personally, I'd be extremely hesitant about implementing any kind of
> automated response system. NIDS are well known for getting boatloads of
> false positives. And of course there's always the worry that once someone
> realizes you're using an auto-response system, how long before it takes
> them to figure out how to use it against you? (i.e. forging packets from
> other IPs to create a DoS attack)
>
> - --
> Aaron D. Turner Security Architect, OneSecure http://www.onesecure.com/
> [email protected] work:cell:
> pub 1024D/1B57EB4D 2000-09-27 Aaron D. Turner <[email protected]>
> Key fingerprint = F90C BFB4 4404 5504 295D 4435 578B 1DD5 1B57 EB4D
> All emails by me are PGP signed; an invalid signature indicates a forgery.
>
> On Fri, 12 Jan 2001, Jon Vandiveer wrote:
>
> [snip]
>
> > Just remember that Intrusion Detection is different from Intrusion Response.
> > i.e. Sn0rt does detection, but cannot Block connections; while RealSecure
> > can issue commands to FWs and routers.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: Public key 0x1B57EB4D at: http://www.keyserver.net/en/
> Filter: gpg4pine 4.1 (http://azzie.robotics.net)
>
> iEYEARECAAYFAjpfeVkACgkQV4sd1RtX603znACeImJJAHSa6ebOOxZg9t5uN7qn
> MZMAnAlfDNxWDXFItPsoCeBcibXZQevu
> =1IHk
> -----END PGP SIGNATURE-----
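
The concern raised in this thread, that forged source addresses can turn an automated response into a DoS against yourself, is usually handled by gating every block behind a few checks. The sketch below is an added example, not part of the original messages or of any product named in them; the alert fields, addresses, and thresholds are constructed assumptions.

```python
import ipaddress

# Constructed policy values (assumptions, not taken from the thread).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.53/32")]
BLOCK_TTL = 900          # seconds before an automatic block expires
MAX_BLOCKS_PER_MIN = 5   # above this rate, page a human instead of blocking


class BlockGuard:
    """Decides whether an IDS alert may trigger an automatic firewall block."""

    def __init__(self):
        self.active = {}   # source IP -> expiry timestamp
        self.recent = []   # timestamps of blocks issued in the last minute

    def decide(self, alert, now):
        src = ipaddress.ip_address(alert["src"])
        # Protected addresses (gateways, DNS, partners) are never auto-blocked,
        # so a forged source cannot cut the site off from them.
        if any(src in net for net in NEVER_BLOCK):
            return "escalate: protected source"
        # Without a completed TCP handshake the source address is unverified;
        # act only on alerts raised inside an established session.
        if not alert.get("tcp_established"):
            return "log-only: source not verified"
        # A burst of blocks points to false positives or someone steering the
        # responder, so stop blocking and hand the decision to a person.
        self.recent = [t for t in self.recent if now - t < 60]
        if len(self.recent) >= MAX_BLOCKS_PER_MIN:
            return "escalate: block rate limit"
        self.recent.append(now)
        self.active[str(src)] = now + BLOCK_TTL
        return "block"

    def expire(self, now):
        """Removes and returns blocks whose TTL has passed."""
        expired = [ip for ip, t in self.active.items() if t <= now]
        for ip in expired:
            del self.active[ip]
        return expired
```

Short expiry times and the rate limit bound the damage of a false positive while still letting the 3am lockdown happen without a page.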