Firewall Wizards mailing list archives

Re: firewalls and the incoming traffic problem


From: Adam Shostack <adam () homeport org>
Date: Mon, 13 Oct 1997 14:40:41 -0400 (EDT)

The OPSEC part of checkpoint offers a SAMP (Suspicious Activity
Monitoring Protocol) that allows you to do this sort of thing.  I'd
be very interested in seeing if anyone has done any analysis of the
protocol regarding replay attacks.  There is fun to be had not only in
denial of service, but also if there is an 'open up this IP now'
message.

http://www.checkpoint.com/opsec/architect.htm

Adam

Bill Stout wrote:
| Thinking more about the topic...  It would be nice to dynamically control
| rules on a TIS/V-One firewall from an NFR IDS system.  I don't know what you
| can wisely respond to, since it would make an attractive Denial of Service
| target.
| 
| If you could do this without being a DOS target, it would also be nice if
| there were a standard 'API' to the IDS system, which firewall-specific 'IDS
| response' programs could link to.  Sorta like the CVP spec.
| 
| Bill Stout
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume
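An added example, not Check Point's SAMP/OPSEC code and not from either poster: a sketch of how an IDS-to-firewall "block this IP" message can be made replay-resistant with a shared-key HMAC, a per-sender sequence number and a freshness window, and how the firewall side can refuse to auto-apply an "open up" action so a replayed or forged message cannot punch a hole. The message format, field names, shared key and skew limit are assumptions constructed for this example.

```python
import hmac, hashlib, json, time

# Constructed shared secret for the example; in practice provisioned out of band.
SHARED_KEY = b"example-ids-firewall-key"
MAX_SKEW = 30  # seconds a message may be old before the firewall rejects it

def canonical(msg):
    """Deterministic bytes covering every field the receiver acts on."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()

def sign_message(action, ip, seq, key=SHARED_KEY, now=None):
    """IDS side: build a 'block'/'unblock' request carrying a sequence number,
    a timestamp and an HMAC-SHA256 tag computed over all of those fields."""
    msg = {"action": action, "ip": ip, "seq": seq,
           "ts": int(time.time() if now is None else now)}
    msg["mac"] = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
    return msg

class FirewallReceiver:
    """Firewall side: applies a request only if it is authentic, fresh,
    not a replay, and of a kind policy allows to take effect automatically."""
    def __init__(self, key=SHARED_KEY, auto_actions=("block",)):
        self.key = key
        self.last_seq = -1          # highest sequence number accepted so far
        self.auto_actions = set(auto_actions)
        self.blocked = set()        # IPs currently blocked
        self.pending = []           # requests held for operator review

    def handle(self, msg, now=None):
        now = time.time() if now is None else now
        body = {k: v for k, v in msg.items() if k != "mac"}
        expected = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return "rejected: bad mac"        # forged or tampered message
        if abs(now - body["ts"]) > MAX_SKEW:
            return "rejected: stale"          # captured long ago, replayed now
        if body["seq"] <= self.last_seq:
            return "rejected: replay"         # already seen this or a later one
        self.last_seq = body["seq"]
        if body["action"] not in self.auto_actions:
            self.pending.append(body)         # e.g. 'unblock' waits for a human
            return "held for review"
        if body["action"] == "block":
            self.blocked.add(body["ip"])
        return "applied"
```

Because the MAC covers the sequence number and timestamp, an attacker who captures a valid "block" message cannot re-send it later, and cannot edit it into an "unblock" without the key.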
