Snort mailing list archives
RE: New Trend: Intrusion Prevention
From: "Chris Eidem" <ceidem () Dexma com>
Date: Fri, 13 Dec 2002 15:27:47 -0600
-----Original Message----- From: twig les [mailto:twigles () yahoo com] Sent: Friday, December 13, 2002 2:27 PM To: Ibarra, Michael; 'Sheahan, Paul (PCLN-NW)'; Snort List (E-mail) Subject: RE: [Snort-users] New Trend: Intrusion Prevention I've seen a few of these for a couple years now, but generally I run into the host-based ones. Eeye makes one for that retarded MS web server here: http://www.eeye.com/html/Products/SecureIIS/index.html I believe it intercepts kernel calls and blocks/passes them, kinda playing middleman. Not sure though. Looks neat, but I don't see any silver bullet here either; not unless you want to slap this type of thing on your 500-5000 XP workstations too.
my retarded servers have enough trouble with their IIS miscommunicating with the kernal as it is. i really don't want add another layer that could muck things up even more... my basic thought is this (IPS - that is) is too dangerous right now for this to be used in a production network. the DOS potential against a system is way too high and you would have to 10000 rules to make sure that you have the right signature before you start blocking connections accurately. locking the doors and checking the windows is difficult enough without having to go out onto the sidewalk and chase any 'shady' looking person from your yard. - chris ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: New Trend: Intrusion Prevention, (continued)
- Re: New Trend: Intrusion Prevention Kevin Black (Dec 15)
- Re: New Trend: Intrusion Prevention Frank Knobbe (Dec 15)
- RE: New Trend: Intrusion Prevention Steve Halligan (Dec 13)
- RE: New Trend: Intrusion Prevention Nathan Whitehouse (Dec 13)
- RE: New Trend: Intrusion Prevention Ibarra, Michael (Dec 13)
- RE: New Trend: Intrusion Prevention twig les (Dec 13)
- Re: New Trend: Intrusion Prevention Erick Mechler (Dec 13)
- RE: New Trend: Intrusion Prevention twig les (Dec 13)
- RE: New Trend: Intrusion Prevention SecurityAdmin (Dec 13)
- RE: New Trend: Intrusion Prevention Bob Dehnhardt (Dec 13)
- Re: New Trend: Intrusion Prevention Alberto Gonzalez (Dec 13)
- RE: New Trend: Intrusion Prevention Chris Eidem (Dec 13)
- RE: New Trend: Intrusion Prevention Sheahan, Paul (PCLN-NW) (Dec 16)
- Re: New Trend: Intrusion Prevention Robby Desmond (Dec 17)