Re: BlackIce IDS

From: Duane Arnold (nitme@notme.com)
Date: 01/08/03 

From: "Duane Arnold" <nitme@notme.com>
Date: Wed, 08 Jan 2003 21:53:01 GMT

That's why I believe in layered protection. And beside we're talking about
home users now, who seem to be getting attacked all the time, by the same
stuff over, over, over, over and over again and over and over some more the
same stuff. All one has to do is go over to some anti virus newsgroup and
see this.

And I also have heard that when the Code RED worm first hit the Internet
attacking IIS, BlackIce was stopping it. Now I don't program firewalls and
IDS, but I know that something can be programmed to look at certain attack
characteristics and block it, if found. Now on that one, I just didn't step
off the Garyhound Bus into some big city from some HICK town

Duane :) 

--
The protection of the machine is a process and is not a given!
"svek" <svek-NO-SPAM@gmx.net> wrote in message
news:Xns92FDE18CAC783svek@130.133.1.4...
> "Duane Arnold" <nitme@notme.com> wrote in
> news:mP%S9.287877$qF3.27603@sccrnsc04:
>
> > If I set BlackIce on a machine at home to Accept all my company's
> > IP(s) on ports used by Netmeeting and connect Netmeeting to Netmeeting
> > RDS to a machine at work that is infected with worm, I know that IDS
> > is going to see that attack coming and is going to instruct the
> > firewall to start blocking network traffic from that IP.
> >
> > Any of the rest of the firewalls doing that let me know.
>
> Well, security is larger than protecting against those vulnerabilities
that
> are known. What if this worm would be something new, one of a kind?
> All BlackIce can do is to compare signatures to patterns in the network
> traffic, but what if there wasn't any pattern like this one before?
> Then that trust could be easily exploited.
> An IP address is by no mean a way to identify yourself by, just look at
the
> r* services history.
>
> /svek

Relevant Pages

  • Re: No Black Ice trial-ware or free version?
    ... understand that an attack can come from many program types such as an OCX, ... And BID does this very well. ... Too me a software firewall for the Windows desk top means: ... Know to enable the protection features that IE and OE have available on ...
    (comp.security.firewalls)
  • Re: Top General "Under the Gun"
    ... if the Enlightened Ones included Germans as a protected ... choosing which groups deserve special protection and privileges. ... Good hate crime laws ... to specific groups that are under a specific risk of specific attack. ...
    (rec.sport.football.college)
  • Re: A Conservative Viewpoint...
    ... Protection of Works and Installations Containing Dangerous ... such attack may cause the release of dangerous forces and consequent ... Other military objectives ...
    (rec.music.gdead)
  • Re: [fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)
    ... It negates probably 85% of the attack traffic coming at ... (well, outbound SMTP reduces your risk of hitting anyone else, not your ... desktop AV is good for about .5% protection from the same vector. ... and map that against hardening a system to not run signed code at all, ...
    (Firewall-Wizards)
  • Re: I am happy with XP:s integreted firewall!
    ... Plus the OP was about firewalls on home computers...your 'examples" ... >> hacker has matching client for it such as Sub Seven client/server. ... > of course you can attack a service running on a box without it being ... >> Lastly most hackers don't care about home users anyway..they would ...
    (comp.security.firewalls)