Firewall Wizards mailing list archives
Re: The value of detecting neutralized threats. (was RE: IDS blah blah)
From: davidg () genmagic com (David Gillett)
Date: Wed, 27 Jan 1999 14:05:19 -0800
On 21 Jan 99, at 22:40, John Kozubik wrote:
There are two reasons for trying to detect traffic and breaches with IDS that you have previously taken steps to prevent. (in answer to the question "why should we watch for netbios traffic if we have already firewalled those ports?")

1. The existence of network scans, petty DoS attempts, and lame netbios attacks can be one of two things - some teenager getting their kicks, or, a sophisticated attacker using these probes as a precursor to a more sophisticated (and successful, perhaps) attack. Do not kid yourselves and think that well funded attackers do not at least try the front door once or twice before bringing out the big guns. If you have sensitive and valuable data to protect, you are doing yourself a disservice by not making an effort to look for traffic that should theoretically not exist on the network. By discovering these precursors to what might be a more sophisticated attack, action can be taken to prevent its escalation.
Exactly. An intruder is unlikely to penetrate a reasonable level of security on the first try, unless extremely well-informed. Proactive defense means detecting and responding (a chat with their ISP is often sufficient -- works better if they also hear from a few .mil and .gov sites...) to their initial failed attempts.

David G
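The correlation this exchange argues for, as an added example that is not part of the original thread: it scans firewall logs for sources whose blocked NetBIOS probes are followed by permitted traffic from the same address. The log format, addresses, one-hour window and function names are constructed assumptions, and lines are assumed to be in time order.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

NETBIOS_PORTS = {137, 138, 139}

# Constructed sample log in a hypothetical format:
#   timestamp action proto src -> dst:port
SAMPLE_LOG = """\
1999-01-27T13:58:02 DENY tcp 203.0.113.7 -> 192.0.2.10:139
1999-01-27T13:58:03 DENY udp 203.0.113.7 -> 192.0.2.11:137
1999-01-27T13:58:04 DENY tcp 203.0.113.7 -> 192.0.2.12:139
1999-01-27T14:01:40 ALLOW tcp 198.51.100.9 -> 192.0.2.10:80
1999-01-27T14:20:15 ALLOW tcp 203.0.113.7 -> 192.0.2.10:25
1999-01-27T16:45:00 DENY tcp 198.51.100.44 -> 192.0.2.10:139
1999-01-28T09:00:00 ALLOW tcp 198.51.100.44 -> 192.0.2.10:80
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) (tcp|udp) (\S+) -> (\S+):(\d+)$")

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # skip malformed lines instead of raising
    ts, action, _proto, src, dst, port = m.groups()
    return datetime.fromisoformat(ts), action, src, dst, int(port)

def find_precursors(lines, window=timedelta(hours=1)):
    """Return (alerts, probe_counts).
    alerts: {src: [(dst, port, delay)]} for permitted traffic seen within
    `window` of that source's most recent blocked NetBIOS probe.
    probe_counts: {src: number of distinct hosts it probed}."""
    last_probe = {}                   # src -> time of latest blocked probe
    probed_hosts = defaultdict(set)   # src -> hosts hit on NetBIOS ports
    alerts = defaultdict(list)
    for ts, action, src, dst, port in filter(None, map(parse, lines)):
        if action == "DENY" and port in NETBIOS_PORTS:
            last_probe[src] = ts
            probed_hosts[src].add(dst)
        elif action == "ALLOW" and src in last_probe:
            delay = ts - last_probe[src]
            if delay <= window:       # the probe was a recent precursor
                alerts[src].append((dst, port, delay))
    return dict(alerts), {s: len(h) for s, h in probed_hosts.items()}

if __name__ == "__main__":
    print(find_precursors(SAMPLE_LOG))
```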