Re: [nsp] IDS shunning

From: jlewis@lewis.org
Date: Wed Mar 20 2002 - 08:41:39 EST


On Wed, 20 Mar 2002, Travis Pugh wrote:

> It will also establish connectivity with a PIX via telnet or ssh
> and do the same thing ... as to actually implementing it, I would
> hope not. The potential for DoSing yourself with false
> positives, whether naturally occurring or done maliciously with
> spoofed headers, just seems too high to let your NIDS start
> writing ACLs on the fly.

I've seen Cisco demos of this sort of thing. They'll sell you the
software...I can't remember what it was called.

-- 
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
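
An added illustration of the concern quoted above (not code from this thread or from any vendor product): a gate placed between a NIDS and the device that writes ACLs, so that a spoofed or false-positive alert cannot shun a critical address or block a host forever. All names, thresholds and addresses are constructed, and the `handshake_seen` field assumes the sensor can report whether it saw a completed TCP handshake.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample values (documentation address ranges), not from the thread.
PROTECTED = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.53/32")]
SHUN_TTL = 600     # seconds before a shun entry expires on its own
MIN_ALERTS = 3     # distinct signatures required before acting
MAX_ACTIVE = 2     # cap on simultaneous shuns (kept small for the demo)

@dataclass
class Alert:
    src: str
    signature: str
    handshake_seen: bool   # assumption: sensor saw a completed TCP handshake
    ts: float

@dataclass
class ShunGate:
    active: dict = field(default_factory=dict)   # src -> expiry time
    seen: dict = field(default_factory=dict)     # src -> set of signatures

    def decide(self, a: Alert) -> str:
        # Drop expired entries first so a block never becomes permanent.
        self.active = {s: t for s, t in self.active.items() if t > a.ts}
        ip = ipaddress.ip_address(a.src)
        # Never shun gateways, DNS servers, or other critical peers.
        if any(ip in net for net in PROTECTED):
            return "skip: protected address"
        # A source address seen without a handshake may be forged.
        if not a.handshake_seen:
            return "skip: source unverified (spoofable)"
        sigs = self.seen.setdefault(a.src, set())
        sigs.add(a.signature)
        # One noisy signature is not enough to justify a block.
        if len(sigs) < MIN_ALERTS:
            return "skip: below alert threshold"
        if a.src in self.active:
            return "already shunned"
        # Bound the damage if the sensor starts misfiring.
        if len(self.active) >= MAX_ACTIVE:
            return "skip: shun table full, escalate to operator"
        self.active[a.src] = a.ts + SHUN_TTL
        return "shun"
```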



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:38 EDT