Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: Darren Reed <darrenr () cyber com au>
Date: Sat, 14 Feb 1998 14:46:51 +1100 (EST)
In some mail I received from tqbf () secnet com, sie wrote [...]
However, we do not see a way in which sniffer-driven ID systems can accurately detect SPECIFIC TYPES of attacks in IP traffic. We are not contesting the fact that it is possible to detect traffic that is likely "malicious", and we are not saying that it is impossible to detect the fact that a network is being attacked. The issue is that sniffers cannot isolate (most types of) specific attacks from any other type of attack.
[...] One conclusion from this is might be that an IDS is only truely possible if implemented as a proxy gateway of sorts or otherwise performs as a mediator of packets as a firewall might be expected to do. Do you agree with this ? Darren
Current thread:
- Important Comments re: INtrusion Detection tqbf (Feb 13)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 14)
- Re: Important Comments re: INtrusion Detection Craig Brozefsky (Feb 14)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 14)
- Re: Important Comments re: INtrusion Detection Craig Brozefsky (Feb 14)
- Re: Important Comments re: INtrusion Detection Marcus J. Ranum (Feb 14)
- Re: Important Comments re: INtrusion Detection Aaron Bawcom (Feb 15)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 16)
- Re: Important Comments re: INtrusion Detection Craig Brozefsky (Feb 14)
- Re: Important Comments re: INtrusion Detection Bret Watson (Feb 14)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 15)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 14)
- Re: Important Comments re: INtrusion Detection Rick Morrow (Feb 15)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 14)