Firewall Wizards mailing list archives

Re: Important Comments re: Intrusion Detection


From: Steve Bellovin <smb () research att com>
Date: Sat, 14 Feb 1998 20:21:43 -0500

         There are still problems that need to be solved here. The most
         obvious is that the IDS is no longer "unobtrusive", and it can
         actually bottleneck the network, unlike ID systems (which,
         when bogged down, simply fail to work reliably). There are
         also subtle problems at the protocol level, such as end-to-end
         acknowledgement. However, the firewall community has made this
         work; I'd be surprised if the IDS community couldn't too.

The most serious problem, of course, is that there is no a priori reason
to think that the IDS's stack is bug-free.  And if you penetrate it, you've
acquired control of a machine that is by definition a perfect sniffer --
for the dark side...


