RE: [fw-wiz] fortigate firewall IPS capabilities

From: Teicher, Mark (mteicher_at_icsalabs.com)
Date: 10/27/04

  • Next message: Devdas Bhagat: "Re: [fw-wiz] TCP DoS attack"
    To: "Danny" <nocmonkey@gmail.com>, <secfocusnospam@jizzle.net>
    Date: Wed, 27 Oct 2004 10:46:42 -0400
    
    

    At the time, the evaluation was done for a specific customer during my
    security consulting services days.

    The Fortinet IPS vulnerabilities one was able to enable/disable were:

    FIN without ACK Attack
    FTP Buffer Overflow Attack
    ICMP Flood Attack
    ICMP Source Session Limit
    ICMP Sweep Attack
    Invalid URL Attack
    IP Fragment
    IP Land Attack
    IP Loose Source Record Routing
    IP Record Routing
    IP Security Option
    IP Stream Option
    IP Strict Source Record Routing
    IP Timestamp Option
    IP Unknown Option
    Ping of Death Attack
    POP2 Buffer Overflow
    POP3 Buffer Overflow
    Port Scan Attack
    Source Session Limit
    SYN Flood Attack
    SYN Fragment Attack
    TCP with No Flag Attack
    UDP Flood Attack
    UDP Land Attack
    UDP Source Session Limit
    Unknown IP Protocol

    There were a couple of other ones, but IMHO, these are not truly IDP
    signatures, more of IDS thresholding options

    /mark

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Danny
    Sent: Tuesday, October 26, 2004 4:02 PM
    To: secfocusnospam@jizzle.net
    Cc: firewall-wizards@honor.icsalabs.com
    Subject: Re: [fw-wiz] fortigate firewall IPS capabilities

    On Mon, 25 Oct 2004 12:07:04 +0200 (CEST), Maarten Hartsuijker
    <secfocusnospam@jizzle.net> wrote:
    > I have been performing some basic tests of the IPS capabilities of our
    > fortigate v2.80 - MR5. I started out testing the device's portscan
    > protection rules but have so far been unable to prevent the portscans
    > from being successful. From the logs, I notice that the fortigate
    > detects the scan, but allows it anyway.
    [...]

    What is Fortinet Support's response?

    ...D
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards