IDS mailing list archives
Re: True definition of Intrusion Prevention
From: George Capehart <gwc () acm org>
Date: Mon, 5 Jan 2004 17:26:01 -0500
On Monday 05 January 2004 03:12 pm, Brad McGary wrote:
> I agree with your comments but would offer the thought process regarding the structure of an attack scenario. Most attacks start with recon and end with target-specific exploits. I've been using a commercial version of Hogwash for about two years and have significantly reduced the number of successful attacks launched against our environments by preventing the more prolific recon tools from returning target intelligence. As for the worm attacks, we've been relatively successful at stopping these since they mostly utilize exploits which have mature Snort signatures. In the end there's no panacea and we see our share of false positives and false negatives, I'm sure. Please take these comments as just my specific experience and understand I certainly don't want to engage in any heated debates.

Hi Brad,

Thanks for sharing your experience. And, while heated debates tend to drift away from the topic, I'd be interested in hearing what others have done to try to head off attacks. This gets exactly to the point that, to my way of thinking, to prevent intrusions one needs to employ a *process* which has many dimensions. You have very clearly described one aspect of that process . . .

Regards,

George Capehart