Firewall Wizards mailing list archives
RE: Reactive Firewalls
From: "Stout, William" <StoutW () pios com>
Date: Tue, 10 Feb 1998 16:15:57 -0500
----- Original Message ----- From: Aleph One [SMTP:aleph1 () dfw dfw net] Subject: Reactive Firewalls On Mon, 9 Feb 1998, Stout, William wrote:I like Cisco routers, but NSC borderguard routers respond to Wheelgroup IDS software (Borderware, Borderguard) and they also have R-R VPN capability (data 'sleeves').Reactive firewalls are one of the worths ideas yet. You are taking automated actions based on non-authenticated possible bogus data. That is a formular for disaster. Read the recent (release today) Secure Network paper on IDS's and their flaws for some reasons why this is so.
As worthless as cron jobs? I agree to the extent that I seriously question firewalls that shutdown during a perceived attack. I agree that reactive firewalls can be dangerous, a hacker/cracker finds out what a target responds to, then manipulates the target by its' reactions. A reactive firewall makes a great D.O.S. target. However it all depends on what you tell it to do in response to an event. Non-intrusive reactions are O.K.. It may merely page you with a message, or flash the screen, or keep more detailed logs during that particular time. Bill Stout ______________________________________________________________________ There's nothing more ominous than secret projects between domestic social politics and the military.
Current thread:
- RE: Reactive Firewalls Stout, William (Feb 10)
- <Possible follow-ups>
- Re: Reactive Firewalls tqbf (Feb 11)
- Re: Reactive Firewalls Darren Reed (Feb 11)
- Re: Reactive Firewalls John Lines (Feb 12)
- Re: Reactive Firewalls Rick Smith (Feb 12)
- Re: Reactive Firewalls Chris Brenton (Feb 13)
- Re: Reactive Firewalls Rick Smith (Feb 13)
- Re: Reactive Firewalls Joseph S. D. Yao (Feb 13)
- Re: Reactive Firewalls Rachel Rosencrantz (Feb 13)
- Re: Reactive Firewalls Rick Smith (Feb 16)