IDS mailing list archives

RE: Network IDS


From: "Zach Forsyth" <Zach.Forsyth () kiandra com>
Date: Wed, 27 Aug 2003 11:12:39 +1000

From: Andreas Krennmair 
Sent: Wednesday, 27 August 2003 4:59 AM
Uh, don't do that, IP addresses can be spoofed, and DoS can be done via
such automatisms (e.g. fake a DNS request's source IP, containing some
BIND exploit, and let the source IP be a host (or a number of hosts)
you don't want to get replies for their DNS requests anymore).

Uh, I don't do that, but was rather just pointing out there are some
pro-active IDS devices around.
I realise the implications of "strike back" type of systems and am not a
fan at all.
How about Cisco threat response or similar systems? There is another
spin on IDS technology...

It may help protect your system, but it cannot protect your system.
Yes, as mentioned before, that's also a semantical issue. ;-)

I still say it helps protect your systems, albeit indirectly. Semantics
aside, an IDS affords a much greater visibility of what is happening, 
and therefore inherently enables you to have more secure systems. So it
doesn't protect, but it does.
Anyway, pointless going back and forth regarding this, sort of like
hardware vs. software firewalls :)

I definitely think IDS is of huge benefit and IPS may be the way of the
future.
Guess we just have to see how well they can be implemented. 

Cheers

z




