IDS mailing list archives
RE: Top IPS vendors - please read for invitation to Network World review.
From: Daniel Cid <danielcid () yahoo com br>
Date: Wed, 3 Sep 2003 10:29:42 -0300 (ART)
Yeah, you can add some hosts to be ignored. But you will never put "all" of them. It`s very easy to get a lot of problems using this kind of software. btw, what is the advantage to block port scans ? The important thing is to keep your system safe. And if an attacker notices that his ip is being blocked after a port scan, he will know that you are running this kind of IPS and will change his way to attack the system. It is not going to add any benefit Thansk Daniel B. Cid
--- "Schmehl, Paul L" <pauls () utdallas edu>
escreveu: > > -----Original Message-----
From: Scott Wimer [mailto:scottw () cylant com] Sent: Tuesday, September 02, 2003 10:06 AM To: Daniel Cid Cc: Schmehl, Paul L; focus-ids () securityfocus com Subject: Re: Top IPS vendors - please read forinvitation toNetwork World review.Daniel Cid wrote:Portsentry can block an ip address using theroutecommand (route reject) in machines that doesnthave a firewall.Forgive me for being callous, but this methodologyis just asking forproblems. If somebody portscans you from aspoofed address: say yourDNS server's IP maybe, then you now have someinteresting problems.This is using a broadsword where a scalpel iscalled for. Scottwimer Not really. Portsentry has the ability to ignore certain hosts, and any sensible setup of Portsentry would include localhost, your hostname and your DNS server in the .ignore file. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
_______________________________________________________________________ Yahoo! Mail O melhor e-mail gratuito da internet: 6MB de espaço, antivírus, acesso POP3, filtro contra spam. http://br.mail.yahoo.com/ --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ---------------------------------------------------------------------------
Current thread:
- RE: Top IPS vendors - please read for invitation to Network World review. Rob Shein (Sep 05)
- <Possible follow-ups>
- Re: Top IPS vendors - please read for invitation to Network World review. Scott Wimer (Sep 05)
- RE: Top IPS vendors - please read for invitation to Network World review. Schmehl, Paul L (Sep 05)
- RE: Top IPS vendors - please read for invitation to Network World review. Daniel Cid (Sep 05)