Re: [nsp] IDS shunning

From: jlewis@lewis.org
Date: Wed Mar 20 2002 - 08:41:39 EST

Next message: Travis Pugh: "Re: [nsp] IDS shunning"
Previous message: Neil J. McRae: "RE: [nsp] IDS shunning"
In reply to: Travis Pugh: "Re: [nsp] IDS shunning"
Next in thread: Neil J. McRae: "RE: [nsp] IDS shunning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

On Wed, 20 Mar 2002, Travis Pugh wrote:

> It will also establish connectivity with a PIX via telnet or ssh
> and do the same thing ... as to actually implementing it, I would
> hope not. The potential for DoSing yourself with false
> positives, whether naturally occuring or done maliciously with
> spoofed headers, just seems too high to let your NIDS start
> writing ACLs on the fly.

I've seen Cisco demo's of this sort of thing. They'll sell you the
software...I can't remember what it was called.

-- 
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Next message: Travis Pugh: "Re: [nsp] IDS shunning"
Previous message: Neil J. McRae: "RE: [nsp] IDS shunning"
In reply to: Travis Pugh: "Re: [nsp] IDS shunning"
Next in thread: Neil J. McRae: "RE: [nsp] IDS shunning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:08 EDT