Re: Newbie IDS questionsFrom: Drew (email@example.com)
- Previous message: Lee Brotherston: "RE: Newbie IDS questions"
- In reply to: Mike Hrubes: "Newbie IDS questions"
- Next in thread: firstname.lastname@example.org: "Re: Newbie IDS questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 10 Jan 2002 00:06:37 -0500 From: Drew <email@example.com> To: Mike Hrubes <MHrubes@wizmo.com>
Mike Hrubes wrote:
> Hi all,
> I'm new to the IDS world. I understand what an IDS does, and why you
> need it, but I have some questions on the technical aspect of IDS. We
> are planning on implementing an IDS in the near future. The idea that
> has been proposed is to put the IDS in the path between connections,
> rather than connected in promiscuous mode. The reason they want to do
> this is so they can also run a blocking software, like portsentry, to
> block unwanted scans, etc.
Isn't this the way that a Cisco router with IDS feature set installed
works? Personally, I don't like the idea of introducing more
complication into the network. Whereas running the IDS feature set
on a IOS device adds functionality to an existing network unit, this
solution brings us a new target. I much prefer using IDS in a silent
configuration in such a way that it cannot become a target to the
I'm also not sure why running something like portsentry would preclude
you from using a promiscuous type IDS. Can you clarify?