This is more of a discovery tool, not particularly an Intrusion Detection
system (i.e. ISS, NFR, NetworkICE, etc.).
The whole underlying reason one places a firewall or packet-filtering
router between an organization and the Internet is to prevent would-be
intruders. So if the rules on the firewall are lax, that means your IDS
system is alerting one all the time; by crafting efficient rules on your
firewall and then observing the number of alerts on your IDS device
(software or hardware), one can then substantiate that either the security
rules in place are working as designed or need some work if the number of
alerts on the IDS is extremely high.
Many people forget that an IDS is not just there to watch the wire but also
to validate that the devices in place are doing their job sufficiently
(hopefully).
/m
At 04:24 PM 10/24/00 +0930, Ben Nagy wrote:
>I like to use nmap to externally scan firewalls with various options. In
>addition I often try a few spot checks using an internal netcat listener and
>then trying to connect to it from the outside world.
>
>With all the fragmentation problems these days, one should probably try and
>route the connections to the netcat listener through something like
>fragrouter.
>
>Cheers,
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
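Added example, not part of the original thread or any poster's code: the top post argues that the volume of IDS alerts seen behind a firewall is itself a measurement of how good the filter rules are. The script below makes that measurement concrete. It assumes a simplified alert line format (timestamp, source, destination, protocol, signature) and a hypothetical policy set PERMITTED listing the (protocol, port) pairs the firewall is supposed to admit from the Internet; the sample alert lines, the 192.0.2.0/24 "internal" network and the policy are all constructed for the example. Any externally sourced alert that lands on a port outside the policy should never have reached an internal sensor, so each one is counted as evidence of a lax rule, the same signal Ben's netcat-listener spot check produces one port at a time.

```python
"""Reconcile IDS alert volume (seen inside the firewall) against the
firewall's intended policy.  Added example; the alert format, the policy
and the sample lines are assumptions constructed for illustration."""
from collections import Counter
import ipaddress
import re

# Assumed alert format: "<ts> <src>:<sport> -> <dst>:<dport> <proto> <signature>"
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)\s+(?P<sig>.+)$"
)

# Constructed sample alerts from a sensor placed on the inside of the firewall.
# The last line is deliberately malformed to exercise the parser's error path.
SAMPLE_ALERTS = """\
2000-10-24T09:01:02 203.0.113.7:40012 -> 192.0.2.10:80 tcp WEB-MISC probe
2000-10-24T09:01:03 203.0.113.7:40013 -> 192.0.2.10:25 tcp SMTP probe
2000-10-24T09:01:05 203.0.113.7:40014 -> 192.0.2.10:23 tcp TELNET login attempt
2000-10-24T09:01:06 203.0.113.7:40015 -> 192.0.2.11:139 tcp NETBIOS probe
2000-10-24T09:01:07 198.51.100.4:53001 -> 192.0.2.11:111 tcp RPC portmap query
2000-10-24T09:01:09 192.0.2.5:51000 -> 192.0.2.10:139 tcp NETBIOS probe
garbage line that does not parse
"""

# Hypothetical internal address space and hypothetical firewall policy:
# only these (protocol, destination port) pairs are meant to be reachable
# from the Internet.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
PERMITTED = {("tcp", 80), ("tcp", 25)}


def parse_alert(line):
    """Parse one alert line into a dict, or return None if it is malformed."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    a = m.groupdict()
    a["sport"] = int(a["sport"])
    a["dport"] = int(a["dport"])
    a["proto"] = a["proto"].lower()
    return a


def audit(alert_text, permitted, internal_net):
    """Count externally sourced alerts and flag those on ports outside policy.

    Returns a dict with:
      external_alerts - alerts whose source is outside internal_net
      leaks           - Counter of (proto, dport) for external alerts that
                        hit a port the firewall should have blocked
      unparsed        - lines the parser rejected (so they are not silently lost)
    Alerts sourced from inside the network are skipped: the perimeter
    firewall is not expected to filter internal-to-internal traffic.
    """
    external = 0
    leaks = Counter()
    unparsed = 0
    for line in alert_text.splitlines():
        a = parse_alert(line)
        if a is None:
            unparsed += 1
            continue
        if ipaddress.ip_address(a["src"]) in internal_net:
            continue
        external += 1
        key = (a["proto"], a["dport"])
        if key not in permitted:
            leaks[key] += 1
    return {"external_alerts": external, "leaks": leaks, "unparsed": unparsed}


def summarize(result):
    """Render the audit as a short report; any leak means a rule needs work."""
    lines = [f"external alerts seen inside firewall: {result['external_alerts']}",
             f"unparsed lines: {result['unparsed']}"]
    if not result["leaks"]:
        lines.append("no alerts on ports outside policy: rules working as designed")
    for (proto, port), n in sorted(result["leaks"].items()):
        lines.append(f"LEAK {proto}/{port}: {n} alert(s) on a port the firewall should block")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(audit(SAMPLE_ALERTS, PERMITTED, INTERNAL_NET)))
```

Run against the constructed sample, the audit reports five external alerts, of which three (tcp/23, tcp/111 and tcp/139) are on ports outside the policy; a clean ruleset would have produced only the tcp/80 and tcp/25 alerts. The internal 192.0.2.5 source is excluded so that the count reflects the perimeter rules alone, and the unparsed-line counter stops a logging format change from quietly making the firewall look better than it is.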