IDS mailing list archives
RE: Network IDS
From: "Zach Forsyth" <Zach.Forsyth () kiandra com>
Date: Wed, 27 Aug 2003 11:12:39 +1000
From: Andreas Krennmair Sent: Wednesday, 27 August 2003 4:59 AM Uh, don't do that, IP addresses can be spoofed, and DoS can be done via
such automatisms (e.g. fake a DNS request's source IP, containing some BIND exploit, and let the source IP be a host (or a >number of hosts) you don't want to get replies for their DNS requests anymore). Uh, I don't do that, but was rather just pointing out there are some pro-active ids devices around. I realise the implications of "strike back" type of systems and am not a fan at all. How about cisco threat response or similar systems? There is another spin on IDS technology...
It may help protect your system, but it cannot protect your system.
Yes, as mentioned before, that's also a semantical issue. ;-) I still say it helps protect your systems, albeit indirectly. Sementics aside, an IDS affords a much greater visibility of what is happening, and therefore inherently enables you to have more secure systems. So it doesn't protect, but it does. Anyway, pointless going back and forth regarding this, sort of like hardware v's software firewalls :) I definitely think IDS is of huge benefit and IPS may be the way of the future. Guess we just have to see how well they can be implemented. Cheers z --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ---------------------------------------------------------------------------
Current thread:
- Re: Network IDS, (continued)
- Re: Network IDS Gary Flynn (Aug 21)
- RE: Network IDS Steffen Kluge (Aug 25)
- Re: Network IDS José Joaquín (Aug 21)
- RE: Network IDS Zach Forsyth (Aug 25)
- RE: Network IDS Zach Forsyth (Aug 25)
- Re: Network IDS Joel Snyder (Aug 26)
- Re: Network IDS Andreas Krennmair (Aug 26)
- RE: Network IDS Scott M. Trieste (Aug 26)
- RE: Network IDS Frank Knobbe (Aug 28)
- RE: Network IDS Mark Teicher (Aug 28)
- RE: Network IDS Frank Knobbe (Aug 28)
- RE: Network IDS Zach Forsyth (Aug 26)
- Re: Network IDS Andrew Plato (Aug 28)
- Re: Network IDS Stephen P. Berry (Aug 29)