Travis,
> It will also establish connectivity with a PIX via telnet or ssh
> and do the same thing ... as to actually implementing it, I would
> hope not. The potential for DoSing yourself with false
> positives, whether naturally occuring or done maliciously with
> spoofed headers, just seems too high to let your NIDS start
> writing ACLs on the fly.
I more or less agree but often by the time you know about the
DOS often the machine you need to get access too won't respond and
you can't then manually implement the filters without taking the machine
off the network for a period of time.
Regards,
Neil
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:38 EDT