Full Disclosure mailing list archives
Re: Suggestion for IDS
From: Peer Janssen <peer () baden-online de>
Date: Wed, 28 Sep 2005 11:48:06 +0200
Valdis.Kletnieks () vt edu wrote:
> On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said:
> > plan to install IDS to protect our resources
>
> An IDS doesn't *protect* your resources, any more than a concealed video surveillance camera protects anything. It may tell you who did it, and what they did, *after the fact*, but it won't *protect* you.

Really? Is there no software package capable of withholding inspected packages until cleared by said IDS?
If I get it right, netfilter actually IS able to reject (and log) packages. Why should an IDS sniffing on a level higher up on the "OSI chain of command" be unable to do the same?
Dropping packets, closing ports and resetting connections (besides logging, maybe notifying users) look like natural useful reactions to the detections delivered by an IDS to me.
Or are we just talking about definitions (regarding the "D" in IDS), instead of talking about IDPS-ses which the OP clearly seems to imply? (P for prevention)
So what are the IDPS-ses you recommend?

Peer
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/