Firewall Wizards mailing list archives
Re: Intrusion Detection
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Wed, 15 Apr 1998 17:37:56 -0400
I wrote:
with your security policy. Out here where I live, maybe it'd not generate a lot of false positives if the alarm went off whenever someone touches a window or rattles a doorknob, let alone succeeds in opening a door.
I dunno how many of the folks on this list remember Fred Cohen's "intrusion detection" system that he used to run on all.net. If you tried to Telnet to his system, it would look up the registered contact for your domain and E-mail them a nastygram that someone had just tried to break in to his system from your workstation. I'm starting to convince myself that I want to implement IDS as policy-based traps (a la Raiders of the Lost Ark -- if someone runs teardrop on me I want a big rock to fall on them) backed with passive sensors (microwave/PIR packet suckers) to catch anything that sneaks past. There are so many physical security analogies for how to do this right -- it's all beginning to come clear for me now. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Re: Intrusion Detection, (continued)
- Re: Intrusion Detection Paul D. Robertson (Apr 14)
- Re: Intrusion Detection Adam Shostack (Apr 15)
- Re: Intrusion Detection Marcus J. Ranum (Apr 15)
- Re: Intrusion Detection Aleph One (Apr 14)
- Re: Intrusion Detection Marcus J. Ranum (Apr 14)
- Re: Intrusion Detection Aleph One (Apr 14)
- Re: Intrusion Detection Adam Shostack (Apr 15)
- Re: Intrusion Detection M. Dodge Mumford (Apr 14)
- Re: Intrusion Detection emaiwald (Apr 15)
- Re: Intrusion Detection Marcus J. Ranum (Apr 15)
- Re: Intrusion Detection Marcus J. Ranum (Apr 15)
- Re: Intrusion Detection Aleph One (Apr 15)
- Re: Intrusion Detection emaiwald (Apr 17)
- Re: Intrusion Detection Mark Horn [ Net Ops ] (Apr 20)
- Re: Intrusion Detection Marcus J. Ranum (Apr 20)
- Re: Intrusion Detection darrenr (Apr 15)
- Re: Intrusion Detection Tina Bird (Apr 15)
- RE: Intrusion Detection Marcus J. Ranum (Apr 15)