Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: Steve Bellovin <smb () research att com>
Date: Sat, 14 Feb 1998 20:21:43 -0500
There are still problems that need to be solved here. The most obvious is that the IDS is no longer "unobtrusive", and it can actually bottleneck the network, unlike ID systems (which, when bogged down, simply fail to work reliably). There are also subtle problems at the protocol level, such as end-to-end acknowledgement. However, the firewall community has made this work; I'd be surprised if the IDS community couldn't too. The most serious problem, of course, is that there is no a priori reason to think that the IDS's stack is bug-free. And if you penetrate it, you've acquired control of a machine that is by definition a perfect sniffer -- for the dark side...