IDS mailing list archives

Triggering Checkpoint MAD


From: "Fergus Brooks" <fergusb () evolve-online com>
Date: Tue, 10 Jun 2003 12:25:53 +0800


Hi all,

In FW-1 NG FP1 Checkpoint included a small IDS system they labelled
Malicious Activity Detection. It will detect things like land and syn
attacks (apparently...). I think it has evolved into something called
Smart Defense but I am only interested in the FP1 MAD.

For a proof of concept we have been trying to get this thing to alert
via OPSEC LEA to another IDS system but can't seem to set it off. We've
tried nmap and Retina (I thought nmap would at least set off the syn
flood detection..) but still no joy. We know the LEA is working because
we can get log file messages over there.

Has anyone a) Ever seen this work and/or b) have any ideas on what we
may be doing wrong?

Thanks and regards....





____________________________________
Fergus Brooks - Senior Security Consultant
Evolution Security Systems Asia 
fergusb () evolve-online com   www.evolve-online.com

