Firewall Wizards mailing list archives

RE: Reactive Firewalls


From: "Stout, William" <StoutW () pios com>
Date: Tue, 10 Feb 1998 16:15:57 -0500

----- Original Message -----
From: Aleph One [SMTP:aleph1 () dfw dfw net]
Subject:      Reactive Firewalls

On Mon, 9 Feb 1998, Stout, William wrote:

I like Cisco routers, but NSC borderguard routers respond to Wheelgroup
IDS software (Borderware, Borderguard) and they also have R-R VPN
capability (data 'sleeves').

Reactive firewalls are one of the worst ideas yet. You are taking
automated actions based on non-authenticated, possibly bogus data. That is
a formula for disaster. Read the recent (released today) Secure Network
paper on IDSs and their flaws for some reasons why this is so.

As worthless as cron jobs?

I agree to the extent that I seriously question firewalls that shut down
during a perceived attack. I agree that reactive firewalls can be
dangerous: a hacker/cracker finds out what a target responds to, then
manipulates the target by its reactions. A reactive firewall makes a
great D.O.S. target.

However, it all depends on what you tell it to do in response to an
event. Non-intrusive reactions are O.K. It may merely page you with a
message, or flash the screen, or keep more detailed logs during that
particular time.

Bill Stout
______________________________________________________________________
There's nothing more ominous than secret projects between domestic
social politics and the military.
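As an added illustration of the point in the reply above (this is not code from the original thread): a toy reactive firewall in Python that contrasts a naive "do whatever the IDS asks" response with one that downgrades intrusive responses to paging whenever the event's source is unverified (a single spoofed packet), is a peer the site cannot afford to lose, or the automatic-block budget is spent. The addresses, signature names and the `verified` flag are constructed for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Responses an attacker could turn against you by forging the triggering traffic.
INTRUSIVE = {"block_source", "shutdown_interface"}

@dataclass
class Event:
    source: str      # source address claimed by the offending packets (trivially spoofable)
    signature: str   # IDS rule that fired
    verified: bool   # True only if the peer completed a TCP handshake (constructed flag)

@dataclass
class Policy:
    responses: dict                                  # signature -> requested response
    never_block: list = field(default_factory=list)  # networks the site depends on
    max_blocks: int = 5                              # budget for automatic blocks

class ReactiveFirewall:
    def __init__(self, policy, guarded=True):
        self.policy, self.guarded = policy, guarded
        self.blocked, self.log = set(), []

    def handle(self, event):
        action = self.policy.responses.get(event.signature, "log")
        if self.guarded and action in INTRUSIVE:
            if not event.verified:
                action = "page"   # an unauthenticated packet earns an alert, not a block
            elif any(ip_address(event.source) in ip_network(n)
                     for n in self.policy.never_block):
                action = "page"   # never let forged traffic cut off a critical peer
            elif len(self.blocked) >= self.policy.max_blocks:
                action = "page"   # a flood of "attackers" means a human should look
        if action == "block_source":
            self.blocked.add(event.source)
        self.log.append((event.source, event.signature, action))
        return action

POLICY = Policy(responses={"portscan": "block_source", "bad-http": "verbose_logging"},
                never_block=["192.0.2.0/24"])

# Constructed scenario: forged portscan packets whose sources are the site's own
# DNS server and its upstream router, plus one scanner that really did connect.
EVENTS = [Event("192.0.2.53", "portscan", verified=False),
          Event("203.0.113.1", "portscan", verified=False),
          Event("198.51.100.9", "portscan", verified=True)]

def run(events, guarded):
    fw = ReactiveFirewall(POLICY, guarded)
    for e in events:
        fw.handle(e)
    return fw
```

With `guarded=False` the firewall blocks its own DNS server and upstream router on the strength of two forged packets; with `guarded=True` only the verified scanner is blocked and the forged events page an operator instead.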
