Firewall Wizards mailing list archives
Re: Intrusion Prevention Firewall
From: Vern Paxson <vern () icir org>
Date: Sat, 06 Apr 2002 01:06:27 -0800
Is this IDS operating inside the security boundary or outside?
We have a dozen Bro's running both inside and outside. That said, in any case they're not in the forwarding path. They react by either terminating TCP connections (forging RST packets to the inside host, which is more trustworthy about honoring them), or, in particular, connecting to our routers to install ACL entries.
The internal IDS also has responsibility for incidents which originate inside the network - (60%).
I really have to question that 60% figure. I know it's the one often cited, and used to justify certain styles of monitoring. But it clearly has to depend a great deal on your environment. For LBL - where we monitor internally as well as externally - upwards of 99% of the detected attacks come from outside. Vern _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Intrusion Prevention Firewall, (continued)
- RE: Intrusion Prevention Firewall Dave Piscitello (Apr 02)
- Re: Intrusion Prevention Firewall Vern Paxson (Apr 03)
- Re: Intrusion Prevention Firewall Crispin Cowan (Apr 05)
- RE: Intrusion Prevention Firewall Pieper, Rodney (Apr 04)
- Re: Intrusion Prevention Firewall Gary Flynn (Apr 06)
- Re: Intrusion Prevention Firewall dont (Apr 06)
- Re: Intrusion Prevention Firewall Gary Flynn (Apr 06)
- Re: Intrusion Prevention Firewall Vern Paxson (Apr 05)
- Re: Intrusion Prevention Firewall Crispin Cowan (Apr 05)
- RE: Intrusion Prevention Firewall Pieper, Rodney (Apr 06)
- RE: Intrusion Prevention Firewall Dave Piscitello (Apr 08)
- Re: Intrusion Prevention Firewall Vern Paxson (Apr 06)
- Re: Intrusion Prevention Firewall Patrick M. Hausen (Apr 16)
- Re: Intrusion Prevention Firewall Gary Flynn (Apr 17)
- Re: Intrusion Prevention Firewall Patrick M. Hausen (Apr 18)
- Re: Intrusion Prevention Firewall Gary Flynn (Apr 17)