Firewall Wizards mailing list archives
Re: IDS outside of firewall?
From: "Ryan Russell" <ryanr () sybase com>
Date: Mon, 3 Aug 1998 10:32:36 -0700
Are there advantages to putting an IDS on the outside of the firewall?
As you mentioned, so you can log stuff that the firewall doesn't (perhaps bug...perhaps doesn't think it's suspicious...) And also so you can identify particular attacks, rather than connection attempts. Since the firewall most likely won't (you hope) allow handshake to even complete, you'll see relatively few "attacks"... they won't be able to handshake enough to get an attack signature... but you might see a few. Say... single packet stuff.. like malformed DNS queries or answers, SNMP packets.... Stuff that an IDS will log as "attempted DNS blow-your-stack attacks" whereas the firewall might say "dropped UDP port 53."

Ryan
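The contrast drawn in the message above, as an added example that is not part of the original post and not any IDS product's code: the same UDP payload seen as a packet filter logs it and as a payload-inspecting sensor would classify it. The function names, finding strings and sample payloads are constructed for illustration, and the check covers only the DNS header and the first name in the message.

```python
import struct

def firewall_view(proto, dport):
    # A packet filter records addressing only; the payload is never examined.
    return f"dropped {proto} port {dport}"

def ids_view(payload):
    """Return None if the DNS header and first name parse cleanly, else a finding."""
    if len(payload) < 12:
        return "DNS header truncated"
    counts = struct.unpack("!6H", payload[:12])[2:]  # QD, AN, NS, AR counts
    if sum(counts) == 0:
        return None  # no records, so no name to walk
    off, name_len = 12, 0
    while True:
        if off >= len(payload):
            return "name runs past end of packet"
        length = payload[off]
        if length == 0:
            return None  # root label: name ended cleanly
        if length & 0xC0 == 0xC0:  # compression pointer
            if off + 1 >= len(payload):
                return "compression pointer truncated"
            target = ((length & 0x3F) << 8) | payload[off + 1]
            # A valid pointer refers to earlier data; forward/self pointers can loop.
            return None if target < off else "compression pointer not backwards"
        if length & 0xC0:
            return "reserved label type"
        if off + 1 + length > len(payload):
            return f"label length {length} overruns packet"
        name_len += length + 1
        if name_len > 254:  # 255-octet name limit includes the final zero octet
            return "name longer than 255 octets"
        off += 1 + length

# Constructed sample payloads (not captured traffic).
HDR = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
SAMPLES = {
    "well-formed query": HDR + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1),
    "oversized label": HDR + b"\x3fabc",
    "self-referencing pointer": HDR + b"\xc0\x0c",
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label}: firewall={firewall_view('UDP', 53)!r} ids={ids_view(payload)!r}")
```

All three samples produce the identical firewall line; only the payload check separates the well-formed query from the two malformed ones.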