Security Basics mailing list archives
Re: Top IPS vendors - please read for invitation to Network World review.
From: Daniel Cid <danielcid () yahoo com br>
Date: Wed, 3 Sep 2003 10:21:08 -0300 (ART)
I agree with you. This kind of "IPS" is very dangerous to use. I only made a comment that PortSentry can block using the route command. I never said that this is a good solution :)

Daniel B. Cid

--- Scott Wimer <scottw () cylant com> wrote:
> Forgive me for being callous, but this methodology is just asking for problems. If somebody portscans you from a spoofed address: say your DNS server's IP maybe, then you now have some interesting problems. This is using a broadsword where a scalpel is called for.
>
> scottwimer
>
> Daniel Cid wrote:
>> PortSentry can block an IP address using the route command (route reject) in machines that don't have a firewall.
>>
>> Thanks
>> Daniel B. Cid
>>
>> --- Paul Schmehl <pauls () utdallas edu> wrote:
>>> --On Wednesday, August 27, 2003 6:30 AM -0600 Mark Teicher <mht3 () earthlink net> wrote:
>>>> PortSentry - is more of a firewall than IPS, does not have any preventative functionality similar to Cisco Secure Agent aka Okena Stormwatch
>>>
>>> Have you used PortSentry? It's certainly not a firewall at all. It detects "bad" behavior and immediately writes rules to the firewall as well as to tcpwrappers (if it's configured that way.) I would define that as an IDS. A specialized one perhaps. But certainly not a firewall.
>>>
>>> PortSentry doesn't block anything directly. If the host doesn't have a firewall installed, then all PortSentry can do is either report the problem (through logging) or write deny rules to tcpwrappers (if configured to do so.)
>>>
>>> As far as all this philosophical rambling about what defines this or that or whether or not a term is mere marketing fluff or something more substantial, I'll leave that to all the resident experts.
>>>
>>> Paul Schmehl (pauls () utdallas edu)
>>> Adjunct Information Security Officer
>>> The University of Texas at Dallas
>>> AVIEN Founding Member
>>> http://www.utdallas.edu
> --
> Scott M. Wimer, CTO
> Cylant www.cylant.com
> 121 Sweet Ave. v. (208) 883-4892
> Suite 123 c. (208) 301-0370
> Moscow, ID 83843
> There is no Security without Control.