Firewall Wizards mailing list archives
Re: firewalls and the incoming traffic problem
From: Adam Shostack <adam () homeport org>
Date: Mon, 13 Oct 1997 14:40:41 -0400 (EDT)
The OPSEC part of checkpoint offers a SAMP (Suspicious Activity Monitoring Protocol) that allows you to do this sort of thing. I'd be very interested in seeing if anyone has done any analysis of the protocol regarding replay attacks. There is fun to be had not only in denial of service, but also if there is a 'open up this IP now' message. http://www.checkpoint.com/opsec/architect.htm Adam Bill Stout wrote: | Thinking more about the topic... It would be nice to dynamically control | rules on a TIS/V-One firewall from a NFR IDS system. I don't know what you | can wisely respond to, since it would make an attractive Denial of Service | target. | | If you could do this without being a DOS target, it would also be nice if | there were a standard 'API' to the IDS system, which firewall-specific 'IDS | response' programs could link to. Sorta like the CVP spec. | | Bill Stout | -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- RE: firewalls and the incoming traffic problem Dominique Brezinski (Oct 01)
- RE: firewalls and the incoming traffic problem Phil Cox (Oct 09)
- <Possible follow-ups>
- Re: firewalls and the incoming traffic problem Darren Reed (Oct 01)
- Re: firewalls and the incoming traffic problem David Collier-Brown (Oct 01)
- Re: firewalls and the incoming traffic problem Rick Smith (Oct 02)
- Re: firewalls and the incoming traffic problem Rick Smith (Oct 02)
- Re: firewalls and the incoming traffic problem Aleph One (Oct 02)
- Re: firewalls and the incoming traffic problem Hal Feinstein (Oct 02)
- RE: firewalls and the incoming traffic problem Bill Stout (Oct 10)
- RE: firewalls and the incoming traffic problem Bill Stout (Oct 13)
- Re: firewalls and the incoming traffic problem Adam Shostack (Oct 13)