Re: IDS responses
From: marca369@student.liu.se
Date: 11/18/02
Date: 18 Nov 2002 14:33:35 -0000
From: <marca369@student.liu.se>
To: focus-ids@securityfocus.com
In-Reply-To: <009501c28e69$a5b09a80$438990d5@ch.ema.ad.pwcinternal.com>
>> Can anyone explain or direct me to an explanation of the SNMP Trap's
>> use in active responses of intrusion detection systems?
>
>See answer below
>
>> SNMP Trap; Reconfigure network devices?
>
>SNMP Traps can be used on a sensor to send asynchronous messages to a
>console. These messages are not sent to network devices. The console on its
>end might then reconfigure the network device (probably via SNMP again, but
>not TRAPS, but an SNMP SET). I think this is all the magic that is behind
>this.
>
So, as far as I understand, what vendors mean by stating their products
support "SNMP Trap" is the same as supporting blocking or shunning
(reconfiguring router/firewall ACLs)? Using SNMP for sending event
messages to the IDS console wouldn't be very smart since it's a
connectionless protocol (UDP) and the traffic is unencrypted.
/Markus
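
Added example, not part of the original message or thread: a small Python decoder run over two constructed SNMPv1 datagrams, showing how a Trap PDU (sensor to console) differs on the wire from a SetRequest (console to device), and that the community string and payload of both are readable without any key. Assumptions: the community strings, the enterprise OID 1.3.6.1.4.1.99999, the address 192.0.2.10 and the SetRequest target (ifAdminStatus.3 set to 2) are sample values made up for illustration, and only short-form BER lengths are handled.

```python
# Added example: walk constructed SNMPv1 datagrams the way a sniffer would.
PDU_NAMES = {0xA2: "GetResponse", 0xA3: "SetRequest", 0xA4: "Trap"}

def tlv(tag, body):  # sample builder, short-form BER length only
    return bytes([tag, len(body)]) + body

def fields(buf):  # split a buffer into its (tag, value) TLVs
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
            raise ValueError("truncated header or long-form length")
        end = pos + 2 + buf[pos + 1]
        if end > len(buf):
            raise ValueError("truncated value")
        out.append((buf[pos], buf[pos + 2:end]))
        pos = end
    return out

def oid_str(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if b < 0x80:  # high bit clear ends this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def classify(datagram):  # what a passive observer can read, no key needed
    [(tag, msg)] = fields(datagram)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    (_, _ver), (_, community), (pdu_tag, pdu) = fields(msg)
    out = {"pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
           "community": community.decode("latin-1")}
    body = fields(pdu)
    if pdu_tag == 0xA4:    # Trap: enterprise OID, then agent address
        out.update(enterprise=oid_str(body[0][1]),
                   agent=".".join(map(str, body[1][1])))
    elif pdu_tag == 0xA3:  # SetRequest: three INTEGERs, then the varbind list
        (_, name), (_, value) = fields(fields(body[3][1])[0][1])
        out.update(oid=oid_str(name), value=int.from_bytes(value, "big"))
    return out

# Constructed samples: a sensor-to-console trap and a console-to-device set.
TRAP = tlv(0x30, tlv(2, b"\x00") + tlv(4, b"public") + tlv(0xA4,
    tlv(6, bytes.fromhex("2b06010401868d1f")) + tlv(0x40, bytes([192, 0, 2, 10]))
    + tlv(2, b"\x06") + tlv(2, b"\x01") + tlv(0x43, b"\x00") + tlv(0x30, b"")))
SET = tlv(0x30, tlv(2, b"\x00") + tlv(4, b"private") + tlv(0xA3,
    tlv(2, b"\x01") + tlv(2, b"\x00") + tlv(2, b"\x00") + tlv(0x30, tlv(0x30,
        tlv(6, bytes.fromhex("2b060102010202010703")) + tlv(2, b"\x02")))))
```

Calling `classify(TRAP)` and `classify(SET)` returns the PDU type, the community string and the addressed object for each datagram; a datagram cut short raises `ValueError` rather than being half-parsed.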