Educause Security Discussion mailing list archives

Re: IPS vulnerable to Spoofing


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 17 Feb 2006 13:18:43 -0500

On Thu, 16 Feb 2006 18:52:46 MST, Dave Huth said:
> Has anyone done a risk assessment of out-of-band IPS with the spoof in mind?

The old and venerable PortSentry code from a decade ago came with a *big*
warning to not shoot yourself in the foot by forgetting to whitelist critical
systems that could end up in a hosts.deny list.

It's hardly a new problem, and actually getting hit with it is usually
regarded as pointing a loaded projectile weapon at one's own feet.  If you
come across a unit that *doesn't* support whitelisting to prevent that,
run *far* *far* away, and make clear to the vendor that you will *never*
do business with such a clue-challenged security vendor....
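
Added example, not part of the original message and not PortSentry's own code: a sketch of the whitelist check described above, applied before an automatic blocker writes a hosts.deny-style entry. The addresses, the NEVER_BLOCK list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed allowlist: systems that must never be auto-blocked,
# even if an alert names them as the source (the source may be spoofed).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.1/32",     # default gateway (constructed)
    "192.0.2.53/32",    # DNS resolver (constructed)
    "198.51.100.0/28",  # management subnet (constructed)
)]

# Constructed alerts as (source address, reason) pairs.
SAMPLE_ALERTS = [
    ("203.0.113.7", "port scan"),
    ("192.0.2.53", "port scan"),        # spoofed as the DNS resolver
    ("::ffff:192.0.2.1", "port scan"),  # gateway in IPv4-mapped form
    ("198.51.100.9", "port scan"),      # inside the management subnet
    ("203.0.113.7", "port scan"),       # repeat of an already blocked source
    ("not-an-ip", "port scan"),         # malformed source field
]

def is_protected(addr, allowlist=NEVER_BLOCK):
    """True if addr falls inside any allowlisted network."""
    ip = ipaddress.ip_address(addr)
    # Fold IPv4-mapped IPv6 to IPv4 so the mapped form cannot slip past the list.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in allowlist)

def process_alerts(alerts, allowlist=NEVER_BLOCK):
    """Return (deny_entries, skipped) for a batch of alerts."""
    deny, skipped, seen = [], [], set()
    for src, _reason in alerts:
        try:
            protected = is_protected(src, allowlist)
        except ValueError:
            skipped.append((src, "unparseable source, not blocked"))
            continue
        if protected:
            # Alert a human instead of blocking a critical system.
            skipped.append((src, "allowlisted, alert only"))
        elif src not in seen:
            seen.add(src)
            deny.append(f"ALL: {src}")  # hosts.deny-style line
    return deny, skipped

if __name__ == "__main__":
    deny, skipped = process_alerts(SAMPLE_ALERTS)
    print("\n".join(deny))
    for src, why in skipped:
        print(f"skipped {src}: {why}")
```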
