IDS mailing list archives
Re: Active response... some thoughts.
From: "andre" <andreq () infolink com br>
Date: Sat, 8 Feb 2003 19:50:21 -0200
What about blocking only a few certain attacks, that could not be easily spoofed. Such like HTTP vulnerabilities and others that need a complete handshake to work. Ok,its not impossible to spoof, but packet sequence prediction is a bit hard nowadays.
From: Chris Travers [mailto:chris () travelamericas com] Sent: Wednesday, February 05, 2003 8:16 AM To: Thomas H. Ptacek Cc: Focus-IDS Subject: Re: Active response... some thoughts. Thomas; I was also thinking about a liability from a poorly implimented system
being
able to be used to DOS an address by spoofing packets from that address. I guess I come back to advocating passive solutions primarily. Best Wishes, Chris Travers
Current thread:
- RE: Active response... some thoughts., (continued)
- RE: Active response... some thoughts. Pete Herzog (Feb 06)
- RE: Active response... some thoughts. Gonzalez, Albert (Feb 05)
- RE: Active response... some thoughts. Rob McMillen (Feb 06)
- Re: Active response... some thoughts. Ali Saifullah Khan (Feb 05)
- RE: Active response... some thoughts. Abe L. Getchell (Feb 06)
- Re: Active response... some thoughts. fr0ck9 (Feb 05)
- RE: Active response... some thoughts. Rob Shein (Feb 07)
- RE: Active response... some thoughts. Ralph Los (Feb 07)
- Re: Active response... some thoughts. SecurityFocus (Feb 10)
- RE: Active response... some thoughts. Ralph Los (Feb 07)
- Re: Active response... some thoughts. andre (Feb 08)
- Re: Active response... some thoughts. Frank Knobbe (Feb 10)
- RE: Active response... some thoughts. Rob Shein (Feb 11)
- Re: Active response... some thoughts. andre (Feb 08)
- Re: Active response... some thoughts. mb_lima (Feb 11)
- RE: Active response... some thoughts. Steven Richards (Feb 12)