> retaliate, I think an equal or greater reaction to the probe or attack in
> question. You may simply be saying take effective counter-measures, such as
> performing a shun on a host or network, which is already available in
> multiple products. One such product is the Cisco secure IDS in conjunction
> with other Cisco network products. For more information on that, see
> http://www.cisco.com/warp/public/44/solutions/network/security.shtml.
>
> Hope that helps.

Indeed. I think almost all NIDSs by now know how to react to attacks at least at some level. For instance, Snort (http://www.snort.org/) knows how to spoof RST-flagged packets to both parties, effectively terminating the connection there. Of course, you could also make an IDS software that watches the NIDS-software's logs and upon intrusion does whatever you want. A shell script, say. Also, Check Point's OPSEC-standard is meant for all sorts of communications from hosts to firewalls. Now the Network Flight Recorder (NFR, nfr.net) software knows how to speak OPSEC to a Firewall-1 and effectively shut the intruder from your network. As does ISS's product, if I recall correctly.

TONI HEINONEN
TELEWARE OY
Telephone +358 (9) 3434 9123 * Fax +358 (9) 3431 321
Wireless +358 40 836 1815
Kauppakartanonkatu 7, 00930 Helsinki
[EMAIL PROTECTED] * www.teleware.fi
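
A log-watching shun script of the kind mentioned in the reply above, as an added example that is not part of the original message or of any product named in it. It counts alerts per source, validates the address before it reaches a firewall command, and skips an allowlist, because alert sources can be forged and an automatic shun could otherwise be aimed at your own gateway or DNS server. The threshold, the allowlist, the use of iptables and the sample alert lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pick hosts to shun from NIDS alert lines.
THRESHOLD=3                         # assumption: alerts needed before a shun
ALLOWLIST="192.0.2.1 192.0.2.53"    # hypothetical gateway and DNS server, never shunned

# Constructed sample in the layout of Snort's "fast" alert output.
sample_alerts() {
cat <<'EOF'
01/15-10:22:31.100000  [**] [1:1000001:1] constructed scan alert [**] [Priority: 2] {TCP} 203.0.113.7:4444 -> 192.0.2.10:80
01/15-10:22:32.100000  [**] [1:1000001:1] constructed scan alert [**] [Priority: 2] {TCP} 203.0.113.7:4445 -> 192.0.2.10:22
01/15-10:22:33.100000  [**] [1:1000002:1] constructed ping alert [**] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
01/15-10:22:34.100000  [**] [1:1000001:1] constructed scan alert [**] [Priority: 2] {TCP} 198.51.100.23:5000 -> 192.0.2.10:80
01/15-10:22:35.100000  [**] [1:1000003:1] constructed dns alert [**] [Priority: 2] {UDP} 192.0.2.53:53 -> 192.0.2.10:1025
01/15-10:22:36.100000  [**] [1:1000003:1] constructed dns alert [**] [Priority: 2] {UDP} 192.0.2.53:53 -> 192.0.2.10:1026
01/15-10:22:37.100000  [**] [1:1000003:1] constructed dns alert [**] [Priority: 2] {UDP} 192.0.2.53:53 -> 192.0.2.10:1027
EOF
}

# Read alert lines on stdin and print "count source" for every source that
# reached THRESHOLD, is a plain IPv4 literal, and is not on the allowlist.
shun_candidates() {
    awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        {
            # The source endpoint is the field just before "->".
            for (i = 2; i <= NF; i++) if ($i == "->") {
                src = $(i - 1)
                sub(/:[0-9]+$/, "", src)    # drop the port (ICMP lines have none)
                if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(src in skip)) hits[src]++
                break
            }
        }
        END { for (s in hits) if (hits[s] >= min) print hits[s], s }
    ' | sort -k1,1nr -k2,2
}

# Print the firewall commands for review; nothing is executed here.
block_commands() {
    while read -r count src; do
        printf 'iptables -I INPUT -s %s -j DROP # %s alerts\n' "$src" "$count"
    done
}

sample_alerts | shun_candidates | block_commands
```

On the sample, only 203.0.113.7 is proposed: 198.51.100.23 stays under the threshold and 192.0.2.53 is allowlisted even though it produced three alerts.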