Re: [FW1] Intrusion Detection

Fri, 12 Jan 2001 14:10:57 -0800 


Yup, but I don't like getting paged @ 3am when the script kiddies are
online.
I would rather lock them down and worry about it on the morning.

So I guess  you are saying there is no one good product for everyone.....
Didn't I say that before.....

Jon

----- Original Message -----
From: "Aaron D. Turner" <[EMAIL PROTECTED]>
To: "Jon Vandiveer" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, January 12, 2001 4:38 PM
Subject: re: [FW1] Intrusion Detection


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Personally, I'd be extreemely hesitant about implimenting any kind of
> automated response system.  NIDS are well known for getting boatloads of
> false positives.  And of course there's always the worry that once someone
> realizes you're using an auto-response system, how long before it takes
> them to figure out how to use it against you?  (ie. forging packets from
> other IP's to create a DoS attack)
>
> - --
> Aaron D. Turner  Security Architect, OneSecure  http://www.onesecure.com/
> [EMAIL PROTECTED]  work: 408-992-8045  cell: 408-314-9874
> pub  1024D/1B57EB4D 2000-09-27 Aaron D. Turner <[EMAIL PROTECTED]>
>      Key fingerprint = F90C BFB4 4404 5504 295D  4435 578B 1DD5 1B57 EB4D
> All emails by me are PGP signed; an invalid signature indicates a forgery.
>
> On Fri, 12 Jan 2001, Jon Vandiveer wrote:
>
> [snip]
>
> > Just remember that Intrusion Detection is different from Intrusion
Response.
> > i.e. Sn0rt does detection, but cannot Block connections; while
RealSecure
> > can issue commands to FW's and routers.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: Public key 0x1B57EB4D at: http://www.keyserver.net/en/
> Filter: gpg4pine 4.1 (http://azzie.robotics.net)
>
> iEYEARECAAYFAjpfeVkACgkQV4sd1RtX603znACeImJJAHSa6ebOOxZg9t5uN7qn
> MZMAnAlfDNxWDXFItPsoCeBcibXZQevu
> =1IHk
> -----END PGP SIGNATURE-----
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to