Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: marc () sniff ct-net de
Date: Sat, 14 Feb 1998 19:24:25 +0000 (GMT)
Darren Reed <darrenr () cyber com au> wrote:
One conclusion from this is might be that an IDS is only truely possible if implemented as a proxy gateway of sorts or otherwise
I agree with proxies ...
performs as a mediator of packets as a firewall might be expected to do. Do you agree with this ?
... but I wouldn't expect every stateful firewall to rebuild the IP or TCP Headers (is there _any_ stateful firewall doing so?). With "rebuild" I am thinking of a firewall picking out all relevant information but not the redundant one (like checksums) and send out an IP packet with a copy of the relevant stuff and a checksum calculated on its own (and header length, and reserved bits = 0, and ...). If the firewall doesn't, the insertion attack will still work. Regards, Marc -- Marc Binderberger 97076 Wuerzburg, Germany marc () sniff ct-net de Powered by FreeBSD ;-)
Current thread:
- Re: Important Comments re: INtrusion Detection, (continued)
- Re: Important Comments re: INtrusion Detection Paul D. Robertson (Feb 16)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 16)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 16)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 16)
- Re: Important Comments re: INtrusion Detection Paul M. Cardon (Feb 17)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 17)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 17)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 17)
- Re: Important Comments re: INtrusion Detection Doug Hughes (Feb 18)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 14)
- Re: Important Comments re: INtrusion Detection Paul D. Robertson (Feb 15)
- Re: Important Comments re: INtrusion Detection marc (Feb 15)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 15)
- Re: Important Comments re: INtrusion Detection Steven M. Bellovin (Feb 15)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 15)
- Re: Important Comments re: INtrusion Detection Steven M. Bellovin (Feb 16)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 16)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 16)