IDS mailing list archives
Re: Top IPS vendors - please read for invitation to Network World review.
From: Scott Wimer <scottw () cylant com>
Date: Tue, 02 Sep 2003 08:06:06 -0700
Forgive me for being callous, but this methodology is just asking for problems. If somebody portscans you from a spoofed address: say your DNS server's IP maybe, then you now have some interesting problems.
This is using a broadsword where a scalpel is called for.

scottwimer

Daniel Cid wrote:
> Portsentry can block an IP address using the route command (route reject) in machines that don't have a firewall.
>
> Thanks
>
> Daniel B. Cid
>
> --- Paul Schmehl <pauls () utdallas edu> wrote:
> > --On Wednesday, August 27, 2003 6:30 AM -0600 MarkTeicher <mht3 () earthlink net> wrote:
> >
> > > PortSentry - is more of a firewall than IPS, does not have any preventative functionality similar to CiscoSecure Agent aka Okena Stormwatch
> >
> > Have you used PortSentry? It's certainly not a firewall at all. It detects "bad" behavior and immediately writes rules to the firewall as well as to tcpwrappers (if it's configured that way.) I would define that as an IDS. A specialized one perhaps. But certainly not a firewall.
> >
> > PortSentry doesn't block anything directly. If the host doesn't have a firewall installed, then all PortSentry can do is either report the problem (through logging) or write deny rules to tcpwrappers (if configured to do so.)
> >
> > As far as all this philosophical rambling about what defines this or that or whether or not a term is mere marketing fluff or something more substantial, I'll leave that to all the resident experts.
> >
> > Paul Schmehl (pauls () utdallas edu)
> > Adjunct Information Security Officer
> > The University of Texas at Dallas
> > AVIEN Founding Member
> > http://www.utdallas.edu
> >
> > ---------------------------------------------------------------------------
> > Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
> > ---------------------------------------------------------------------------

--
Scott M. Wimer, CTO
Cylant                  www.cylant.com
121 Sweet Ave.          v. (208) 883-4892
Suite 123               c. (208) 301-0370
Moscow, ID 83843
There is no Security without Control.
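
The failure mode raised in the message above (an automatic block triggered by a scan from a spoofed address such as your own DNS server's), shown as an added example that is not part of the original thread and is not PortSentry code. The event record, the never-block list, the threshold and all addresses are constructed assumptions; the sketch gates the block decision on a never-block list and on evidence that the source address was not spoofed.

```python
import ipaddress

# Constructed never-block list (documentation address ranges, not from the
# thread): resolver, default gateway, management subnet.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("192.0.2.53/32", "192.0.2.1/32", "198.51.100.0/24")]


def decide(event, never_block=NEVER_BLOCK, min_ports=5):
    """Return (action, reason) for one scan-detection event.

    event is a hypothetical record: {"src": str, "ports": [int, ...],
    "handshake": bool}. "handshake" is True only if the source completed a
    TCP three-way handshake, which is hard to do from a blindly spoofed address.
    """
    try:
        src = ipaddress.ip_address(event["src"])
    except ValueError:
        return ("alert", "unparseable source address")

    if len(set(event["ports"])) < min_ports:
        return ("ignore", "below scan threshold")
    if any(src in net for net in never_block):
        # The case raised in the thread: a block here cuts off our own DNS.
        return ("alert", "source is on the never-block list")
    if not event["handshake"]:
        return ("alert", "source address unverified, may be spoofed")
    return ("block", "verified source exceeded scan threshold")


# Constructed sample events.
SCAN = [21, 22, 23, 25, 80, 110]
EVENTS = [
    {"src": "192.0.2.53", "ports": SCAN, "handshake": False},   # spoofed as our DNS
    {"src": "203.0.113.9", "ports": SCAN, "handshake": False},  # unverified source
    {"src": "203.0.113.9", "ports": SCAN, "handshake": True},   # verified scanner
    {"src": "203.0.113.77", "ports": [80, 443], "handshake": True},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["src"], *decide(ev))
```

Only the third event results in a block; the spoofed-DNS case is downgraded to an alert for a human to review.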
Current thread:
- RE: Top IPS vendors - please read for invitation to Network World review. Rob Shein (Sep 05)
- <Possible follow-ups>
- Re: Top IPS vendors - please read for invitation to Network World review. Scott Wimer (Sep 05)
- RE: Top IPS vendors - please read for invitation to Network World review. Schmehl, Paul L (Sep 05)
- RE: Top IPS vendors - please read for invitation to Network World review. Daniel Cid (Sep 05)