IDS mailing list archives
Re: Network IDS
From: Andreas Krennmair <netnews () synflood at>
Date: Tue, 26 Aug 2003 20:58:58 +0200
* Zach Forsyth <Zach.Forsyth () kiandra com> [gmane.comp.security.ids]:
How do we classify a NID that can automatically adjust firewall rules to enable shunning etc? Cisco IDS devices spring to mind...
Uh, don't do that, IP addresses can be spoofed, and DoS can be done via such automatisms (e.g. fake a DNS request's source IP, containing some BIND exploit, and let the source IP be a host (or a number of hosts) you don't want to get replies for their DNS requests anymore).
Although technically correct, I think it is a bit petty to state that IDS does not help to "protect" your network/systems.
It may help protect your system, but it cannot protect your system. Yes, as mentioned before, that's also a semantical issue. ;-)
-----Original Message----- [fullquote snipped]
Oh, please don't do that. Regards, Andreas Krennmair --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ---------------------------------------------------------------------------
Current thread:
- Re: Network IDS, (continued)
- Re: Network IDS Barry Fitzgerald (Aug 26)
- RE: Network IDS Fergus Brooks (Aug 21)
- RE: Network IDS Terry Ziemniak (Aug 21)
- RE: Network IDS Robert.Lupo (Aug 21)
- Re: Network IDS Gary Flynn (Aug 21)
- RE: Network IDS Steffen Kluge (Aug 25)
- Re: Network IDS José Joaquín (Aug 21)
- RE: Network IDS Zach Forsyth (Aug 25)
- RE: Network IDS Zach Forsyth (Aug 25)
- Re: Network IDS Joel Snyder (Aug 26)
- Re: Network IDS Andreas Krennmair (Aug 26)
- RE: Network IDS Scott M. Trieste (Aug 26)
- RE: Network IDS Frank Knobbe (Aug 28)
- RE: Network IDS Mark Teicher (Aug 28)
- RE: Network IDS Frank Knobbe (Aug 28)
- RE: Network IDS Zach Forsyth (Aug 26)
- Re: Network IDS Andrew Plato (Aug 28)
- Re: Network IDS Stephen P. Berry (Aug 29)