Newbie IDS questions

From: Mike Hrubes (MHrubes@wizmo.com)
Date: 01/09/02


Date: Wed, 9 Jan 2002 11:29:34 -0600
From: "Mike Hrubes" <MHrubes@wizmo.com>
To: <FOCUS-IDS@SECURITYFOCUS.COM>

Hi all,

I'm new to the IDS world. I understand what an IDS does, and why you
need it, but I have some questions on the technical aspect of IDS. We
are planning on implementing an IDS in the near future. The idea that
has been proposed is to put the IDS in the path between connections,
rather than connected in promiscuous mode. The reason they want to do
this is so they can also run blocking software, like portsentry, to
block unwanted scans, etc.

Is this even possible to do? The idea is to use a Linux server running
snort. This box would have two interfaces to route the traffic through
it, scanning the signatures at the same time.

Possible/not possible? If possible, good idea/bad idea? Opinions in
general?

Thanks in advance,

Mike Hrubes


