AW: Gateway IDS
From: Jochen Vogel (jvogel@it-sec.de)Date: 06/27/02
- Previous message: Dale.Drew@Level3.com: "Intrusion Detection Server"
- Next in thread: Frank Knobbe: "Re: AW: Gateway IDS"
- Reply: Frank Knobbe: "Re: AW: Gateway IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Jochen Vogel <jvogel@it-sec.de> To: Date: Thu, 27 Jun 2002 10:31:46 +0200
thx for your replies,
i seems there is a great interesst.
i will look at hogwash and ianīs project.
onsecure seems to be good too.
To send RST packets or blocking the SRC IP over OPSEC
is not really good because to bypass the system about
latency or IP stack modifying additional IP blocking
can end in DOS if i spoof bad packets with your partners
source. the only way is:
in -> packetfilter -> ids -bad or good-> packetfilter -if good-> forward
| |
drop if bad
|
drop
greets
Jo
- Previous message: Dale.Drew@Level3.com: "Intrusion Detection Server"
- Next in thread: Frank Knobbe: "Re: AW: Gateway IDS"
- Reply: Frank Knobbe: "Re: AW: Gateway IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
