RE: [nsp] IDS shunning

From: Neil J. McRae (neil@COLT.NET)
Date: Wed Mar 20 2002 - 08:41:17 EST


Travis,

> It will also establish connectivity with a PIX via telnet or ssh
> and do the same thing ... as to actually implementing it, I would
> hope not. The potential for DoSing yourself with false
> positives, whether naturally occurring or done maliciously with
> spoofed headers, just seems too high to let your NIDS start
> writing ACLs on the fly.

I more or less agree, but often by the time you know about the
DOS the machine you need to get access to won't respond and
you can't then manually implement the filters without taking the machine
off the network for a period of time.

Regards,
Neil


