Re: Gateway IDS

From: Shaiful (shaifuljahari@yahoo.com)
Date: 06/25/02


Date: Mon, 24 Jun 2002 22:28:16 -0700 (PDT)
From: Shaiful <shaifuljahari@yahoo.com>
To: Jochen Vogel <jvogel@it-sec.de>

Hi,

Have you looked into a hogwash-based solution? There are
currently two primary versions, a libpcap/libnet and an
iptables/libipq approach. IMHO, the hogwash approach
is much better than sending a RESET packet, since an
attacker can always modify his IP stack to ignore the
RST packet. Please see the following links:

Original hogwash using libpcap/libnet:
http://hogwash.sourceforge.net/

Experimental iptables/libipq approach:
http://www.prismnet.com/~aef/index2.html

IDS gateway for honeypot (using iptables/libipq):
http://w3.cablespeed.com/~rvmcmil/IDSGateway/idgateway.htm

Best regards,
Shaiful

--- Jochen Vogel <jvogel@it-sec.de> wrote:
> Hi,
>
> Since last year I have been searching for a working
> gateway IDS solution.
> I am searching for a solution that works like a
> firewall but additionally can block packets after a
> correlation with IDS signatures.
> The solution to send RST packets or reconfigure a
> firewall is nice but not really about latency or
> spoofing packets.
>
> Greets
> Jochen
>
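
The argument in the reply above, as an added example that is not part of the original thread and is not hogwash code: a small Python model comparing a passive sensor that injects a RST at the sender with an inline gateway that drops on a signature match. The signature, sample stream, class and function names are constructed for illustration, and the model assumes the reset is aimed at the sender only.

```python
from dataclasses import dataclass

SIGNATURE = b"BAD-PATTERN"  # constructed stand-in for an IDS signature
# Constructed sample traffic: two clean requests around two matching ones.
STREAM = [b"GET / HTTP/1.0", b"a BAD-PATTERN 1", b"b BAD-PATTERN 2", b"GET /x"]

@dataclass
class Sender:
    honors_rst: bool          # False models a stack modified to ignore RST
    got_rst: bool = False

    def may_send(self) -> bool:
        # A stock stack stops after a RST; a modified one keeps going.
        return not (self.got_rst and self.honors_rst)

def matches(payload: bytes) -> bool:
    return SIGNATURE in payload

def passive_sensor_with_rst(sender: Sender, payloads):
    """Sensor inspects a copy, so every packet reaches the target first."""
    delivered = []
    for p in payloads:
        if not sender.may_send():
            break
        delivered.append(p)        # forwarded before the sensor reacts
        if matches(p):
            sender.got_rst = True  # reset injected after the fact
    return delivered

def inline_gateway(sender: Sender, payloads):
    """Gateway holds each packet for a verdict; a match is never forwarded."""
    delivered = []
    for p in payloads:
        if not sender.may_send():
            break
        if matches(p):
            continue               # DROP verdict, independent of sender behaviour
        delivered.append(p)
    return delivered

def bad_delivered(delivered):
    """Matching payloads that actually reached the protected host."""
    return [p for p in delivered if matches(p)]

if __name__ == "__main__":
    for honors in (True, False):
        rst = bad_delivered(passive_sensor_with_rst(Sender(honors), STREAM))
        inl = bad_delivered(inline_gateway(Sender(honors), STREAM))
        print(f"honors_rst={honors}: RST sensor let {len(rst)} through, inline {len(inl)}")
```

Even with a well-behaved sender the first matching packet reaches the target in the RST model, which is the latency problem raised in the quoted question.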
