Firewall Wizards mailing list archives
RE: Intrusion Prevention Firewall
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 12 Apr 2002 13:58:05 -0400 (EDT)
On Fri, 12 Apr 2002, Berny Stapleton (Sydney Technology) wrote:
I agree with this point. I think some attack signatures should be trusted, blatantly obvious ones like TCP/UDP scans from the same host. I think a half hour ban on this type of traffic, by adding a drop rule, and then deleting it half an hour later. I think this would prevent some of the script kiddie attacks that I think we all see much too often.
But, what if I, the script kiddie, spoof the attack with the IPs of some of your corporate partners? Or if I spoof them from sites your users need access to? This is one of the reasons that auto detection blocking might fail. I think it was the crux of what Cowan and Gary meant.

Thanks,

Ron DuFresne
--
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!
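An added example, not part of the original message or thread: a small Python model of the half-hour auto-ban discussed above, showing that a scan carrying a forged partner source address makes a naive blocker cut off the partner. The never-block list is an assumption introduced here, not something proposed in the thread; the class and function names and the addresses are constructed.

```python
import ipaddress

BAN_SECONDS = 30 * 60  # the half-hour ban proposed in the quoted message

class AutoBlocker:
    """Timed drop-rule table keyed by source IP (in-memory stand-in for firewall rules)."""

    def __init__(self, never_block=()):
        # never_block: hypothetical list of networks that must stay reachable
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.bans = {}        # source address -> expiry time in seconds
        self.suppressed = []  # detections logged for an operator instead of blocked

    def report_scan(self, src, now):
        """Handle a scan detection attributed to src; return the action taken."""
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.never_block):
            # A source address is unauthenticated, so alert rather than block.
            self.suppressed.append((src, now))
            return "alert-only"
        self.bans[addr] = now + BAN_SECONDS
        return "banned"

    def is_blocked(self, src, now):
        addr = ipaddress.ip_address(src)
        expiry = self.bans.get(addr)
        if expiry is None:
            return False
        if now >= expiry:
            del self.bans[addr]  # the drop rule is deleted half an hour later
            return False
        return True

# Constructed addresses from documentation ranges (RFC 5737).
PARTNER = "198.51.100.10"   # corporate partner's gateway
STRANGER = "203.0.113.77"   # unrelated host

def demo():
    results = {}
    blockers = {"naive": AutoBlocker(),
                "guarded": AutoBlocker(never_block=["198.51.100.0/24"])}
    for name, fw in blockers.items():
        # Detections arrive with the partner's address as the claimed source.
        fw.report_scan(PARTNER, now=0)
        fw.report_scan(STRANGER, now=0)
        results[name] = {
            "partner_blocked": fw.is_blocked(PARTNER, now=60),
            "stranger_blocked": fw.is_blocked(STRANGER, now=60),
            "stranger_after_expiry": fw.is_blocked(STRANGER, now=BAN_SECONDS),
        }
    return results
```

The never-block list only protects the networks it names; any other address the detector attributes a scan to is still banned for the full half hour.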