IDS mailing list archives

Re: Network IDS


From: Andreas Krennmair <netnews () synflood at>
Date: Tue, 26 Aug 2003 20:58:58 +0200

* Zach Forsyth <Zach.Forsyth () kiandra com> [gmane.comp.security.ids]:
> How do we classify a NID that can automatically adjust firewall rules to
> enable shunning etc?
> Cisco IDS devices spring to mind...

Uh, don't do that, IP addresses can be spoofed, and DoS can be done via
such automatisms (e.g. fake a DNS request's source IP, containing some
BIND exploit, and let the source IP be a host (or a number of hosts) you
don't want to get replies for their DNS requests anymore).

> Although technically correct, I think it is a bit petty to state that
> IDS does not help to "protect" your network/systems.

It may help protect your system, but it cannot protect your system. Yes,
as mentioned before, that's also a semantical issue. ;-)

> -----Original Message-----
> [fullquote snipped]

Oh, please don't do that.

Regards,
Andreas Krennmair
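
The failure mode raised in the message above (a forged source address causing an automatic block of a host you depend on) can be guarded against before any firewall rule is changed. This is an added example, not part of the original message or of any vendor's shunning logic; the `Alert` fields, the never-shun list, the TTL and all addresses are constructed assumptions, and it assumes the sensor reports whether it saw a completed TCP handshake.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: networks whose loss would itself be an outage
# (e.g. the resolvers your hosts query). Documentation-range addresses.
NEVER_SHUN = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.53/32")]
SHUN_TTL = 600  # seconds; blocks expire so a wrong decision heals itself

@dataclass
class Alert:
    src: str           # source address as seen on the wire (may be forged)
    proto: str         # "tcp" or "udp"
    established: bool  # sensor saw a completed three-way handshake
    signature: str

def shun_decision(alert):
    """Return (action, reason); action is 'block' or 'alert-only'."""
    src = ipaddress.ip_address(alert.src)
    if any(src in net for net in NEVER_SHUN):
        return "alert-only", "source is on the never-shun list"
    # A single UDP datagram proves nothing about who sent it; only act on
    # traffic where the source answered a handshake (assumed sensor field).
    if alert.proto != "tcp" or not alert.established:
        return "alert-only", "source address not verified by a handshake"
    return "block", "source verified by handshake"

class ShunTable:
    """Holds temporary blocks; a real deployment would push these to the firewall."""
    def __init__(self):
        self.blocks = {}  # ip -> expiry time (seconds)

    def handle(self, alert, now):
        action, reason = shun_decision(alert)
        if action == "block":
            self.blocks[alert.src] = now + SHUN_TTL
        return action, reason

    def is_blocked(self, ip, now):
        expiry = self.blocks.get(ip)
        if expiry is None:
            return False
        if now >= expiry:  # expired: remove the block
            del self.blocks[ip]
            return False
        return True
```

A completed handshake rules out blind spoofing only; the never-shun list and the expiry are what bound the damage if that check is ever wrong.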

