IDS mailing list archives
Triggering Checkpoint MAD
From: "Fergus Brooks" <fergusb () evolve-online com>
Date: Tue, 10 Jun 2003 12:25:53 +0800
Hi all,

In FW-1 NG FP1 Checkpoint included a small IDS system they labelled Malicious Activity Detection. It will detect things like land and syn attacks (apparently...). I think it has evolved into something called Smart Defense but I am only interested in the FP1 MAD.

For a proof of concept we have been trying to get this thing to alert via OPSEC LEA to another IDS system but can't seem to set it off. We've tried nmap and Retina (I thought nmap would at least set off the syn flood detection..) but still no joy. We know the LEA is working because we can get log file messages over there.

Has anyone a) ever seen this work and/or b) have any ideas on what we may be doing wrong?

Thanks and regards....

Fergus Brooks - Senior Security Consultant
Evolution Security Systems Asia
fergusb () evolve-online com
www.evolve-online.com