Re: Top IPS vendors - please read for invitation to Network World review.

[Daniel Cid <danielcid () yahoo com br>]

I agree with you. This kind of "IPS" is very dangerous
to use. I only make a comment that portsentry can
block using the route command. I never said that this
is a good solution :)

Daniel B. Cid

> --- Scott Wimer <scottw () cylant com> escreveu: >
> Forgive me for being callous, but this methodology
> is just asking for 
> problems.  If somebody portscans you from a spoofed
> address: say your 
> DNS server's IP maybe, then you now have some
> interesting problems.
>
> This is using a broadsword where a scalpel is called
> for.
> scottwimer
>
> Daniel Cid wrote:
> > Portsentry can block an ip address using the route
> > command (route reject) in  machines that doesnt
> have a
> > firewall.
> >
> > Thanks
> >
> > Daniel B. Cid
> >
> >
> > > --- Paul Schmehl <pauls () utdallas edu> escreveu: >
> >
> > -->On Wednesday, August 27, 2003 6:30 AM -0600
> Mark
> > > Teicher 
> > > <mht3 () earthlink net> wrote:
> > >
> > > > PortSentry - is more of a firewall than IPS, does
> > >
> > > not have any
> > >
> > > > preventative functionality similiar to Cisco
> > >
> > > Secure Agent aka Okena
> > >
> > > > Stormwatch
> > >
> > > Have you used PortSentry?  It's certainly not a
> > > firewall at all.  It 
> > > detects "bad" behavior and immediately writes
> rules
> > > to the firewall as well 
> > > as to tcpwrappers (if it's configured that way.) 
> I
> > > would define that as an 
> > > IDS.  A specialized one perhaps.  But certainly
> not
> > > a firewall.  PortSentry 
> > > doesn't block anything directly.  If the host
> > > doesn't have a firewall 
> > > installed, then all PortSentry can do is either
> > > report the problem (through 
> > > logging) or write deny rules to tcpwrappers (if
> > > configured to do so.)
> > >
> > > As far as all this philosophical rambling about
> what
> > > defines this or that 
> > > or whether or not a term is mere marketing fluff
> or
> > > something more 
> > > substantial, I'll leave that to all the resident
> > > experts.
> > >
> > > Paul Schmehl (pauls () utdallas edu)
> > > Adjunct Information Security Officer
> > > The University of Texas at Dallas
> > > AVIEN Founding Member
> > > http://www.utdallas.edu
---------------------------------------------------------------------------
> > > Attend Black Hat Briefings & Training Federal,
> > > September 29-30 (Training), October 1-2
> (Briefings)
> > > in Tysons Corner, VA; the world’s premier 
> > > technical IT security event.  Modeled after the
> > > famous Black Hat event in 
> > > Las Vegas! 6 tracks, 12 training sessions, top
> > > speakers and sponsors.  
> > > Symanetc is the Diamond sponsor.  Early-bird
> > > registration ends September 6 Visit:
> > > www.blackhat.com
---------------------------------------------------------------------------
> > >
_______________________________________________________________________
> > Desafio AntiZona: participe do jogo de perguntas e
> respostas que vai
> > dar um Renault Clio, computadores, câmeras
> digitais, videogames e muito
> > mais! www.cade.com.br/antizona
---------------------------------------------------------------------------
> > Attend Black Hat Briefings & Training Federal,
> September 29-30 (Training), October 1-2 (Briefings)
> in Tysons Corner, VA; the world’s premier 
> > technical IT security event.  Modeled after the
> famous Black Hat event in 
> > Las Vegas! 6 tracks, 12 training sessions, top
> speakers and sponsors.  
> > Symanetc is the Diamond sponsor.  Early-bird
> registration ends September 6 Visit:
> www.blackhat.com
> >
---------------------------------------------------------------------------
> -- 
> Scott M. Wimer, CTO                      Cylant
> www.cylant.com                           121 Sweet
> Ave.
> v. (208) 883-4892                        Suite 123
> c. (208) 301-0370                        Moscow, ID
> 83843
> There is no Security without Control.
>  

_______________________________________________________________________
Desafio AntiZona: participe do jogo de perguntas e respostas que vai
dar um Renault Clio, computadores, câmeras digitais, videogames e muito
mais! www.cade.com.br/antizona

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------