Re: Network IDS
From: Andreas Krennmair (netnews_at_synflood.at)
Date: 08/26/03
- Previous message: Darren Windham: "RE: Intrusion prevention and dDos protection"
- In reply to: Zach Forsyth: "RE: Network IDS"
- Next in thread: Scott M. Trieste: "RE: Network IDS"
To: focus-ids@securityfocus.com
Date: Tue, 26 Aug 2003 20:58:58 +0200
* Zach Forsyth <Zach.Forsyth@kiandra.com> [gmane.comp.security.ids]:
> How do we classify a NID that can automatically adjust firewall rules to
> enable shunning etc?
> Cisco IDS devices spring to mind...
Uh, don't do that, IP addresses can be spoofed, and DoS can be done via
such automatisms (e.g. fake a DNS request's source IP, containing some
BIND exploit, and let the source IP be a host (or a number of hosts) you
don't want to get replies for their DNS requests anymore).
> Although technically correct, I think it is a bit petty to state that
> IDS does not help to "protect" your network/systems.
It may help protect your system, but it cannot protect your system. Yes,
as mentioned before, that's also a semantical issue. ;-)
> -----Original Message-----
> [fullquote snipped]
Oh, please don't do that.
Regards,
Andreas Krennmair
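
Added example, not part of the original message: a sketch of the spoofing problem raised above, comparing an unguarded auto-shun with one that refuses to block protected hosts or sources seen only in unverified packets. The alert fields, signature names and addresses are constructed for illustration, and treating a completed TCP handshake as evidence of a genuine source address is an assumption of this sketch.

```python
import ipaddress

# Constructed sample data: documentation-range addresses, hypothetical signature names.
# PROTECTED lists hosts/networks that must never be shunned (e.g. upstream resolvers).
PROTECTED = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "198.51.100.0/24")]

ALERTS = [
    # UDP DNS packet carrying an exploit signature; source claims to be our resolver.
    {"src": "192.0.2.53", "proto": "udp", "established": False, "sig": "dns-bind-exploit"},
    # Same signature from an arbitrary address, still one unverified UDP packet.
    {"src": "203.0.113.7", "proto": "udp", "established": False, "sig": "dns-bind-exploit"},
    # Attack seen inside a TCP session whose three-way handshake completed.
    {"src": "203.0.113.9", "proto": "tcp", "established": True, "sig": "http-overflow"},
    # Established TCP, but the source is in a range we must never cut off.
    {"src": "198.51.100.20", "proto": "tcp", "established": True, "sig": "http-overflow"},
]

def naive_shun(alerts):
    """Block every alerting source address, as an unguarded auto-shun would."""
    return {a["src"] for a in alerts}

def decide(alert, protected=PROTECTED):
    """Return (action, reason); only 'shun' leads to a firewall change."""
    src = ipaddress.ip_address(alert["src"])
    if any(src in net for net in protected):
        return "alert_only", "protected host"
    if alert["proto"] != "tcp" or not alert["established"]:
        return "alert_only", "source address unverified"
    return "shun", "verified source"

def guarded_shun(alerts):
    """Block only sources for which decide() returns 'shun'."""
    return {a["src"] for a in alerts if decide(a)[0] == "shun"}

if __name__ == "__main__":
    print("naive  :", sorted(naive_shun(ALERTS)))
    print("guarded:", sorted(guarded_shun(ALERTS)))
    for a in ALERTS:
        print(a["src"], a["sig"], *decide(a))
```

With the sample alerts, the unguarded version blocks the resolver address named in the forged DNS packet, while the guarded version blocks only the one source seen in an established TCP session outside the protected ranges.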