RE: Gateway IDS
From: Frank Knobbe (fknobbe@knobbeits.com)
Date: 06/27/02
From: Frank Knobbe <fknobbe@knobbeits.com>
To: "Hiemstra, Brenno" <brenno.hiemstra@ignite.nl>
Date: 26 Jun 2002 23:05:28 -0500

On Tue, 2002-06-25 at 04:08, Hiemstra, Brenno wrote:
> If you have a checkpoint firewall you can try
> snortsam. For more information look at:
>
> http://www.snortsam.net
>
> I don't have experience with it but I think it can
> do the stuff that you want.

Brenno,

SnortSam reconfigures firewalls and routers. Just like Snort's native
TCP reset capability, or RealSecure's OPSEC integration, it is merely
reactive. In other words, the packets have already passed your IDS and
made it into the network.

A Gateway IDS, as it's currently defined by the community (as far as I
understand it), does not pass the packets until it has been scanned
for signatures or protocol violations. Only then is it passed on to the
network (or dropped).

While nice in concept, I doubt that these gateway IDS will find wide
acceptance due to their latency. Signature sets are growing, protocols
are added, but at the same time, bandwidth demand is increasing. I doubt
GIDS will win that race...

Regards,
Frank
- application/pgp-signature attachment: This is a digitally signed message part
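
The distinction drawn in the message above, as an added example that is not part of the original post or of any product named in it: a small model comparing a reactive sensor (a block that takes effect some time after the alert) with an inline gateway (each packet held until scanned). The signature string, addresses, timings and the single-scanner queue are all constructed assumptions.

```python
from dataclasses import dataclass

SIGNATURE = b"/bin/sh"  # constructed stand-in for one IDS signature

@dataclass
class Packet:
    t_ms: float     # arrival time at the sensor or gateway
    src: str
    payload: bytes

# Constructed traffic: one packet per millisecond, documentation addresses.
TRAFFIC = [
    Packet(0, "192.0.2.10", b"GET / HTTP/1.0"),
    Packet(1, "198.51.100.7", b"exec /bin/sh"),   # matches SIGNATURE
    Packet(2, "198.51.100.7", b"follow-up data"),
    Packet(3, "192.0.2.10", b"GET /index.html"),
    Packet(4, "198.51.100.7", b"more data"),
]

def reactive(packets, block_delay_ms):
    """Sensor sees a copy; a firewall block becomes active block_delay_ms after the alert."""
    blocked_from, delivered = {}, []
    for p in packets:
        if p.t_ms >= blocked_from.get(p.src, float("inf")):
            continue                      # rule is finally in place
        delivered.append(p)               # already forwarded, match or not
        if SIGNATURE in p.payload:
            blocked_from.setdefault(p.src, p.t_ms + block_delay_ms)
    return delivered

def inline(packets, scan_ms):
    """Gateway holds every packet until scanned; returns (delivered, per-packet delay)."""
    delivered, delays, free_at = [], [], 0.0
    for p in packets:
        free_at = max(p.t_ms, free_at) + scan_ms   # wait for the scanner, then scan
        if SIGNATURE in p.payload:
            continue                      # dropped, never reaches the network
        delivered.append(p)
        delays.append(free_at - p.t_ms)
    return delivered, delays

if __name__ == "__main__":
    print("reactive:", [p.payload for p in reactive(TRAFFIC, 2.5)])
    for scan_ms in (0.5, 1.5):            # larger signature set = longer scan
        print("inline", scan_ms, "ms:", inline(TRAFFIC, scan_ms)[1])
```

In the reactive run the matching packet and the one behind it are delivered before the block lands; in the inline run nothing matching gets through, but once the scan time exceeds the packet spacing the delay of every later packet keeps growing.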