Firewall Wizards mailing list archives
Re: Intrusion Prevention Firewall
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Fri, 12 Apr 2002 19:55:11 +0200 (CEST)
Hi all!

Berny wrote:
> I think some attack signatures should be trusted, blatantly obvious ones like TCP/UDP scans from the same host. I think a half-hour ban on this type of traffic, by adding a drop rule, and then deleting it half an hour later. I think this would prevent some of the script kiddie attacks that I think we all see much too often.

But you already have a firewall in place, right? A firewall which is a policy enforcement device with respect to traffic passing from your internal network to the Internet and vice versa, right? And the policy is to deny everything which is not explicitly allowed, right? So the firewall already drops and logs all these packets that random script kiddies' portscans generate ... So what's the gain in having an IDS tweak firewall rules?

A properly understood and configured firewall is an "Intrusion Prevention Device" in the same way an armed guard is. If you needed a supervisor for the guard telling the guard what to do ... better fire the guard and let the supervisor do that job.

Of course, there are a lot of firewall installations out there that don't work that way. But these are simply guards that do a sloppy job and should be fired (IMHO).

Regards,
Patrick M. Hausen
Technical Director
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Scheffelstr. 17 a Tel. 0721 9109 -0 Fax: -100
76135 Karlsruhe http://punkt.de
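
Added example (not part of the original message): a replay that compares per-packet verdicts under a default-deny policy alone and with the half-hour drop rule from the quoted proposal, to show which packets the ban actually treats differently. The allowed services, the threshold of ten denied ports, and the packet log are constructed assumptions.

```python
# Added illustration; ALLOWED, SCAN_THRESHOLD and the packet log are constructed.
from collections import defaultdict

ALLOWED = {("tcp", 25), ("tcp", 80)}   # explicit allow rules; everything else is denied
BAN_SECONDS = 30 * 60                  # the "half hour ban" from the quoted proposal
SCAN_THRESHOLD = 10                    # distinct denied ports per source before a ban (assumption)

def replay(packets, auto_ban):
    """Return one verdict per packet: 'allow', 'deny-policy' or 'deny-ban'."""
    denied_ports = defaultdict(set)    # src -> distinct denied (proto, port) pairs seen
    banned_until = {}                  # src -> time at which the temporary drop rule is deleted
    verdicts = []
    for ts, src, proto, port in packets:
        if auto_ban and banned_until.get(src, 0) > ts:
            verdicts.append("deny-ban")        # temporary drop rule matches first
            continue
        if (proto, port) in ALLOWED:
            verdicts.append("allow")
            continue
        verdicts.append("deny-policy")         # default deny: dropped and logged anyway
        denied_ports[src].add((proto, port))
        if auto_ban and len(denied_ports[src]) >= SCAN_THRESHOLD:
            banned_until[src] = ts + BAN_SECONDS
            denied_ports[src].clear()
    return verdicts

def sample_scan():
    # Constructed log: one source sweeps TCP ports 20-89 at one packet per second,
    # then connects to the allowed port 80 at t=100 and again at t=3600.
    src = "198.51.100.7"               # documentation address range
    pkts = [(i, src, "tcp", 20 + i) for i in range(70)]
    pkts += [(100, src, "tcp", 80), (3600, src, "tcp", 80)]
    return pkts

def changed_verdicts(packets):
    """Packets whose allow/deny outcome differs once the timed ban is enabled."""
    base = replay(packets, auto_ban=False)
    ban = replay(packets, auto_ban=True)
    return [(p, b, n) for p, b, n in zip(packets, base, ban)
            if (b == "allow") != (n == "allow")]

if __name__ == "__main__":
    for pkt, before, after in changed_verdicts(sample_scan()):
        print(pkt, before, "->", after)
```

In this constructed log the 68 probes to non-allowed ports are dropped either way; the only verdicts that change are the two connections to the explicitly allowed port 80 made while the ban is active.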