Full Disclosure mailing list archives

Re: Suggestion for IDS


From: Peer Janssen <peer () baden-online de>
Date: Wed, 28 Sep 2005 11:48:06 +0200

Valdis.Kletnieks () vt edu wrote:

> On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said:
>
> > plan to install IDS to protect our resources
>
> An IDS doesn't *protect* your resources, any more than a concealed
> video surveillance camera protects anything.  It may tell you who did it, and
> what they did, *after the fact*, but it won't *protect* you.

Really? Is there no software package capable of withholding inspected packages until cleared by said IDS?

If I get it right, netfilter actually IS able to reject (and log) packages. Why should an IDS sniffing on a level higher up on the "OSI chain of command" be unable to do the same?

Dropping packets, closing ports and resetting connections (besides logging, maybe notifying users) look like natural useful reactions to the detections delivered of an IDS to me.

Or are we just talking about definitions (regarding the "D" in IDS), instead of talking about IDPS-ses which the OP clearly seems to imply? (P for prevention)

So what are the IDPS-ses you recommend?

Peer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
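As an added illustration of the detection-versus-prevention distinction argued over above (example code written for this archive page, not part of the thread or of any real IDS): the same signature check runs in both modes, and the only difference is whether its verdict is enforced before the packet is forwarded (on Linux an inline engine gets that position by sitting behind a netfilter NFQUEUE rule). The packet layout and the signatures are constructed, simplified stand-ins, not real rules.

```python
"""Minimal inline-inspection model: identical detection logic, two modes.
IDS mode (prevent=False) only logs; IPS mode (prevent=True) returns a
verdict that the forwarding path must honour (DROP / RESET)."""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Packet:
    """Constructed, simplified packet: just the fields the checks need."""
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed sample signatures: (name, destination port, byte pattern,
# reaction an inline engine would apply). Not real IDS rules.
SIGNATURES: List[Tuple[str, int, bytes, str]] = [
    ("sample-shell-string", 80, b"/bin/sh", "RESET"),
    ("sample-telnet-probe", 23, b"\xff\xfd", "DROP"),
]


@dataclass
class Engine:
    prevent: bool                       # False = IDS (detect only), True = IPS
    log: List[str] = field(default_factory=list)

    def inspect(self, pkt: Packet) -> str:
        """Return the verdict for one packet: ACCEPT, DROP or RESET.

        Detection is the same in both modes and always produces a log
        entry; only an engine placed inline (prevent=True) may answer
        with anything other than ACCEPT."""
        for name, port, pattern, reaction in SIGNATURES:
            if pkt.dport == port and pattern in pkt.payload:
                verdict = reaction if self.prevent else "ACCEPT"
                self.log.append(
                    f"{name} {pkt.src}->{pkt.dst}:{pkt.dport} verdict={verdict}")
                return verdict
        return "ACCEPT"              # nothing matched: forward silently


def compare_modes(pkt: Packet) -> Tuple[str, str]:
    """Run one constructed packet through an IDS and an IPS instance."""
    return Engine(prevent=False).inspect(pkt), Engine(prevent=True).inspect(pkt)


if __name__ == "__main__":
    hit = Packet("10.0.0.5", "10.0.0.1", 80, b"GET /cgi-bin/x?cmd=/bin/sh")
    print(compare_modes(hit))   # ('ACCEPT', 'RESET')
```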

