Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: "Steven M. Bellovin" <smb () research att com>
Date: Sun, 15 Feb 1998 14:57:52 +0000
At 01:17 AM 2/15/98 -0600, tqbf () secnet com wrote:
The most serious problem, of course, is that there is no a priori reason to think that the IDS's stack is bug-free. And if you penetrate it, you've acquired control of a machine that is by definition a perfect sniffer -- for the dark side...Don't proxy firewalls, and intermediate systems in general, all share this problem? Or are you saying that as well?
Yes, they all share that problem.
Current thread:
- Re: Important Comments re: INtrusion Detection, (continued)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 17)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 17)
- Re: Important Comments re: INtrusion Detection Doug Hughes (Feb 18)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 14)
- Re: Important Comments re: INtrusion Detection marc (Feb 14)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 14)
- Re: Important Comments re: INtrusion Detection Paul D. Robertson (Feb 15)
- Re: Important Comments re: INtrusion Detection marc (Feb 15)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 15)
- Re: Important Comments re: INtrusion Detection Steven M. Bellovin (Feb 15)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 15)
- Re: Important Comments re: INtrusion Detection Steven M. Bellovin (Feb 16)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 16)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 16)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 16)
- Re: Important Comments re: INtrusion Detection Steven M. Bellovin (Feb 16)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 16)
- Re: Important Comments re: INtrusion Detection Paul D. Robertson (Feb 16)