IDS mailing list archives

RE: Top IPS vendors - please read for invitation to Network World review.


From: Daniel Cid <danielcid () yahoo com br>
Date: Wed, 3 Sep 2003 10:29:42 -0300 (ART)

Yeah, you can add some hosts to be ignored. But you
will never put "all" of them. It's very easy to get a
lot of problems using this kind of software. btw, what
is the advantage to block port scans? The important
thing is to keep your system safe. And if an attacker
notices that his ip is being blocked after a port
scan, he will know that you are running this kind of
IPS and will change his way to attack the system. It
is not going to add any benefit.

Thanks

Daniel B. Cid


--- "Schmehl, Paul L" <pauls () utdallas edu> wrote:
-----Original Message-----
From: Scott Wimer [mailto:scottw () cylant com]
Sent: Tuesday, September 02, 2003 10:06 AM
To: Daniel Cid
Cc: Schmehl, Paul L; focus-ids () securityfocus com
Subject: Re: Top IPS vendors - please read for invitation to Network World review.

Daniel Cid wrote:
Portsentry can block an ip address using the route
command (route reject) in machines that don't
have a firewall.

Forgive me for being callous, but this methodology
is just asking for 
problems.  If somebody portscans you from a
spoofed address: say your 
DNS server's IP maybe, then you now have some
interesting problems.

This is using a broadsword where a scalpel is
called for. Scottwimer

Not really.  Portsentry has the ability to ignore
certain hosts, and any
sensible setup of Portsentry would include
localhost, your hostname and
your DNS server in the .ignore file.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 
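
Added example, not part of the original thread or of Portsentry: a small audit of the point argued above, that an ignore list covers only the hosts someone remembered to put in it. It assumes an ignore file with one address or CIDR block per line and `#` comments; the function names, the sample file and the dependency list are constructed for illustration.

```python
import ipaddress

# Constructed sample ignore file (documentation address ranges only).
IGNORE_SAMPLE = """\
# hosts that must never be auto-blocked
127.0.0.1
192.0.2.10      # this host
192.0.2.53      # DNS server
"""

# Constructed list of hosts this machine depends on.
DEPENDENCIES = {
    "localhost": "127.0.0.1",
    "self": "192.0.2.10",
    "dns": "192.0.2.53",
    "default-gateway": "192.0.2.1",
    "mail-relay": "198.51.100.25",
    "ntp": "203.0.113.123",
}

def parse_ignore(text):
    """Parse ignore-file text into a list of networks (assumed format)."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        # strict=False accepts a host address written with a mask
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def unprotected(dependencies, ignore_nets):
    """Names of dependencies no ignore entry covers, i.e. hosts that a
    scan carrying their (spoofed) source address would get blocked."""
    exposed = []
    for name, addr in dependencies.items():
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in ignore_nets):
            exposed.append(name)
    return sorted(exposed)

if __name__ == "__main__":
    for name in unprotected(DEPENDENCIES, parse_ignore(IGNORE_SAMPLE)):
        print("not in ignore list:", name, DEPENDENCIES[name])
```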
 
