Aaron Schultz <[EMAIL PROTECTED]> spake thus:
> Date: Sun, 10 Sep 2000 11:39:22 -0700 (PDT)
> From: Aaron Schultz <[EMAIL PROTECTED]>
> Subject: Re: IPChains / IPFilter question
>
> On Sun, 10 Sep 2000, mouss wrote:
>
> > In my opinion, the available open source packet filters are
> > comparable to what commercial firewalls provide. They are
> > even superior to many of the commercial FWs' filters.
> >
> > "watching for regular stuff" is more an issue for IDS than for
> > the filters.
> > Indeed, either the implementation is light and is thus really
> > insufficient, or it is "complete" and consumes too much
> > resources which makes it unusable on a FW (if you spend your
> > time checking your numerous patterns, your packet queue is gonna
> > stay full...).
>
> The only experience I've had with the IDS/firewall working
> together was with the company "ZoneOfTrust.com". Their system
> seemed to be able to watch a high-volume website and actually
> catch items which appeared to be attacks and add the appropriate
> firewall rules.
> I've not seen this style of functionality in ipchains yet,
> although it's able to be manipulated by programs like portsentry
> to provide some level of stopping attacks realtime.
>
> - - Aaron Schultz
> - - [EMAIL PROTECTED]
Beware
The big danger with realtime automated response is the
risk of an attacker spoofing the source and causing your
firewall to Denial of Service you.
Robin Pollard
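As an added illustration of the caveat above (example code, not from anyone in this thread): an IDS-to-firewall auto-block policy that limits the self-inflicted denial of service a spoofed source can cause. Names, thresholds and the sample alerts are constructed assumptions; the three guards are a never-block list for your own infrastructure, a requirement that the offending flow completed a TCP handshake (a spoofed SYN cannot), and a capped, expiring block table.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Alert:
    """Constructed IDS alert: reported source, whether the TCP handshake
    completed (spoofed sources never get that far), and the alert time."""
    src: str
    established: bool
    ts: float


@dataclass
class AutoBlocker:
    protected: list            # networks never to block: own nets, DNS, gateway
    max_blocks: int = 100      # cap so a flood of alerts cannot fill the ruleset
    ttl: float = 600.0         # blocks expire, so a bad block is temporary
    blocks: dict = field(default_factory=dict)   # address -> expiry time

    def _is_protected(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in ipaddress.ip_network(n) for n in self.protected)

    def expire(self, now):
        """Drop blocks whose time-to-live has run out."""
        self.blocks = {a: t for a, t in self.blocks.items() if t > now}

    def decide(self, alert):
        """Return 'block' or a 'refused: ...' reason for this alert."""
        self.expire(alert.ts)
        if self._is_protected(alert.src):
            return "refused: protected address"
        if not alert.established:
            return "refused: unverified source (possible spoof)"
        if alert.src not in self.blocks and len(self.blocks) >= self.max_blocks:
            return "refused: block table full"
        self.blocks[alert.src] = alert.ts + self.ttl   # add or refresh
        return "block"


def demo():
    """Run constructed alerts through the policy; returns the decisions."""
    b = AutoBlocker(protected=["192.0.2.0/24"], max_blocks=2)
    alerts = [Alert("203.0.113.7", True, 0.0),     # genuine, established
              Alert("192.0.2.53", True, 1.0),      # spoofed as our DNS server
              Alert("198.51.100.9", False, 2.0)]   # bare SYN, never completed
    return [b.decide(a) for a in alerts]


if __name__ == "__main__":
    print(demo())
```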