Firewall Wizards mailing list archives

RE: Intrusion Detection Systems, Best of breed?


From: "Marcus J. Ranum" <mjr () nfr com>
Date: Wed, 26 Dec 2001 10:34:29 -0500

Ofir Arkin wrote:
Another thought, you really need to make it REAL GOOD so it will not be
detected easily. Hence, same Stack manipulations and other TCP/IP tricks
to make it look nice...

Not really. That's the beauty of the idea. Once the Bad Guys try to identify
you, they've indicated already that they're not good guys. :) Good Guys don't
care what they're talking to, only whether or not it works properly. Bad Guys
are the folks who try to make a connection to systems behind your firewall
and fail, then come back with an Nmap scan.

On the Internet, you _are_ how you act. :)

mjr.
---
Marcus J. Ranum          Chief Technology Officer, NFR Security, Inc.
Work:                           http://www.nfr.com
Personal:                      http://www.ranum.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
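
The behaviour described in the message above (a failed connection attempt, then a return visit with a port scan), sketched as a log-correlation check. This is an added example, not code from the original post; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample firewall log (the format is an assumption):
# "<epoch_seconds> <ALLOW|DENY> <src> <dst> <dport>"
SAMPLE_LOG = """\
1000 DENY 198.51.100.7 10.0.0.5 22
1010 ALLOW 203.0.113.9 10.0.0.8 443
1100 DENY 192.0.2.44 10.0.0.5 25
1105 DENY 192.0.2.44 10.0.0.5 25
1300 DENY 198.51.100.7 10.0.0.5 21
1301 DENY 198.51.100.7 10.0.0.5 23
1301 DENY 198.51.100.7 10.0.0.5 25
1302 DENY 198.51.100.7 10.0.0.5 80
1303 ALLOW 198.51.100.7 10.0.0.5 443
1304 DENY 198.51.100.7 10.0.0.5 3389
1500 ALLOW 203.0.113.9 10.0.0.8 443
"""

def parse(log):
    """Yield (ts, action, src, dst, dport) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0].isdigit() and parts[4].isdigit():
            yield int(parts[0]), parts[1], parts[2], parts[3], int(parts[4])

def sessions(events, idle):
    """Split one source's time-ordered events wherever it was quiet for > idle s."""
    groups = [[events[0]]]
    for ev in events[1:]:
        if ev[0] - groups[-1][-1][0] > idle:
            groups.append([])
        groups[-1].append(ev)
    return groups

def fail_then_scan(log, min_targets=5, idle=60):
    """Return {src: targets_probed} for sources that failed, then came back scanning."""
    by_src = defaultdict(list)
    for ev in sorted(parse(log)):
        by_src[ev[2]].append(ev)
    flagged = {}
    for src, events in by_src.items():
        failed_before = False
        for sess in sessions(events, idle):
            targets = {(dst, dport) for _, _, _, dst, dport in sess}
            if len(targets) >= min_targets:
                if failed_before:
                    flagged[src] = len(targets)
                    break
            elif any(action == "DENY" for _, action, _, _, _ in sess):
                failed_before = True
    return flagged
```

A source that only retries one blocked port (192.0.2.44 in the sample) or only makes allowed connections is not flagged; the rule fires on the sequence, not on a single denied packet.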