It depends on your definition of "Strike Back". Most IDSs on the market can actively 
reset TCP sessions when a signature matches; some can launch firewall blocking. These 
are non-offensive responses that are legal. However, I would caution against this type 
of activity due to high false positive rates. You could use higher-level 
correlated/threat-analyzed data that eliminates such false positives, such as 
neuSECURE :> 

matt
 

-----Original Message-----
From: Ralph Los [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 2:47 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: IDS that retaliates.


I can't speak for too many options - but Secure Computing has a product that
USED to do that, until it became illegal.  (If I'm not mistaken, and I might
be, SideWinder did something of the nature, or maybe the complementary IDS?)

Cheers,

----------------------------------------|
Ralph M. Los
Sr. Security Consultant and Trainer
          EnterEdge Technology, L.L.C.
          [EMAIL PROTECTED]
          (770) 955-9899 x.206
----------------------------------------| 

::-----Original Message-----
::From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
::Sent: Tuesday, March 05, 2002 12:23 PM
::To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
::Subject: IDS that retaliates.
::
::
::
::
::Hi
::
::I read a long time ago that some government agency in the US 
::was working on an IDS that could retaliate. I wonder if 
::someone has any information on any IDS that does that, or any 
::ideas on how to make an IDS that, in return for an event, 
::triggers different security measures.
::
::Thankful for all replies.
::
::Regards
::Charles
::---------------------------------------------------------------------
::Charles Skoglund, OM AB (Norrlandsgatan 31)
::SE-105 78  Stockholm
::Email: [EMAIL PROTECTED]
::Phone: +46 (0)8 405 64 90
::Mobile: +46 (0)70 597 52 32
::Switchboard: +46 (0)8 405 60 00
::
::
::
