Educause Security Discussion mailing list archives
Re: IPS vulnerable to Spoofing
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 17 Feb 2006 13:18:43 -0500
On Thu, 16 Feb 2006 18:52:46 MST, Dave Huth said:
Has anyone done a risk assessment of out-of-band IPS with the spoof in mind?
The old and venerable PortSentry code from a decade ago came with a *big* warning to not shoot yourself in the foot by forgetting to whitelist critical systems that could end up in a hosts.deny list. It's hardly a new problem, and actually getting hit with it is usually regarded as pointing a loaded projectile weapon at one's own feet. If you come across a unit that *doesn't* support whitelisting to prevent that, run *far* *far* away, and make clear to the vendor that you will *never* do business with such a clue-challenged security vendor....
Attachment:
_bin
Description:
Current thread:
- IPS vulnerable to Spoofing Dave Huth (Feb 16)
- <Possible follow-ups>
- Re: IPS vulnerable to Spoofing John Kemp (Feb 16)
- Re: IPS vulnerable to Spoofing Valdis Kletnieks (Feb 17)
- Re: IPS vulnerable to Spoofing Valdis Kletnieks (Feb 17)