RE: Automated IDS response

[ark () eltex ru]

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

Robert Graham <robert_david_graham () yahoo com> said :
 
> I mean, with a firewall you've already pre-DoSed your users: you deny them full
> access to the Internet. How many users can get IRC, ICQ, or even RealAudio
> through the firewall? How many of your users are complaining they can't
> traceroute through your firewall? You've already denied them that service. 
Hmm, my users can do all that, though i feel unhappy somehow about ICQ -
and i am not willing to write a proxy for it just to do not provide
false sense of security.. simple relay program passes UDP packets to and
from ICQ server, that's all i have (yes, i know it leaks internal 
addressing info, but THEY do not let me to deny the damn thing completely)

Using "personal firewall" thingies like AtGuard on Weendoze workstations
as complemetary measure in addition to "main" firewall is probably a good
idea also..
 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBOKvYAKH/mIJW9LeBAQEB2gP8DaoaMbfAA6Ylm0USrEYRXpXmaU32mKMO
gMlSwNWhdFNOZcEwreGC5Di78NO6NjKwIriQLg+zw5irjwEPrOxAxP/QqHieGf71
4Ntq4bN69enCNonN7M4LmRZ+Ds6nBbGzbZ5mhR78jCaQ5owX+eMAmHJxW6QMLgDC
UyP9RXK6ww8=
=N4wm
-----END PGP SIGNATURE-----