Re: B.O.F. -reply

[Mark.Teicher () predictive com]

BFR 2.0, in my mind, should be a combination a Honeypot (ability to enable 
service stubs (i.e. Fake Telnet, ftp, http, etc) as it does today, and the 
ability to detect similiar vulnerability attacks like NetworkICE BlackICE 
Defender.

The trick would to integrate the service within (Arggh), Microsoft 
operating system.  Some of the other personal IDS agents available have a 
nice front end, but their service that runs behind, sometimes fails when a 
machine is rebooted, thus losing the corrupting the log file (i.e. missed 
events, loses it's brain in why a reboot happenned) (flatfiles seem to 
speed up the application quite a bit). Although using Installshield Update 
or Package for the Web can do a nice job of giving the user the ability to 
retrieve updates without missing a beat.  :)

A reporting feature with print or HTML ability would be also very nice...

/mark




"Marcus J. Ranum" <mjr () nfr net>
Sent by: owner-firewall-wizards () lists nfr net
05/04/00 02:48 PM
Please respond to "Marcus J. Ranum"

 
        To:     kevbarb <kevbarb () mediaone net>
        cc:     firewall-wizards () nfr net
        Subject:        Re: [fw-wiz] B.O.F.




kevbarb wrote:

> WHEN, OH WHEN is nfr going to come out with 2.0?

We decided to make 2.0 a major upgrade. When it comes out, it
will sport a whole lot more functionality and should make you pretty
happy. I'm not allowed to discuss when it'll be out, though. ;)

mjr.