Firewall Wizards mailing list archives
IDS & Automated Response
From: "Aaron D. Turner" <aturner () vicinity com>
Date: Fri, 17 Mar 2000 13:57:40 -0800 (PST)
As many of you probably read, Lance Spitzner released a new version of his alert.sh for Firewall-1, and included a copy of my enhanced version of the script in the examples directory. I'm planning on making a number of further enhancements to the reporting (including SNMP trap support) as well as providing even more control over automated response.

Now, this enhanced script isn't for everyone. I'm working on the documentation right now so that it isn't as confusing, but there is still the very good chance of someone misconfiguring it in a way which leaves you open to a denial of service attack. If you don't already understand why automated response systems can cause a DoS then this script definitely isn't for you.

However, if you find this sort of thing interesting or potentially useful in your environment as a free alternative to more expensive products such as ISS, please contact me. Right now I'm looking for ideas to make the script better, testers, as well as making decisions regarding the script itself (like should it stay a shell script or should I port it to Perl).

I'd appreciate anyone's input in this matter. Probably best to email me directly rather than to the list.

--
Aaron Turner    aturner () vicinity com    650.237.0300 x252
Security Engineer    Vicinity Corp.    Cell: 408-314-9874
http://www.vicinity.com