IDS mailing list archives
Re: Network IDS
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 27 Aug 2003 14:15:43 -0500
On Tue, 2003-08-26 at 13:53, Andreas Krennmair wrote:
> How is your system protected when the exploit succeeds and is detected by the NIDS? Your system is compromised. The only thing where NIDS could be interesting is to record all attacks and to separate the known exploits from the unknown ones. That is, IMHO, the only really useful way NIDS could be used.
Another idea you could use this for is automated containment of intrusions. Yeah, your box may be hacked by the time the IDS analyzes the packet, but the reaction (i.e. firewall config) can be done to automatically isolate that box so that the hacker can't get in or worms break out. Same thing you would do by hand, except the IDS does it for you much faster and at 4am when you're not there.

Cheers,
Frank
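
The containment reaction described in the message above, as an added example that is not part of the original post: it turns severe NIDS alerts into firewall rules that isolate the affected internal host. The Snort-style "fast" alert layout, the internal range, the never-isolate list and the priority cutoff are assumptions, and the alert lines are constructed.

```python
import ipaddress
import re

# Hypothetical site values for this sketch (not from the original post).
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
NEVER_ISOLATE = {ipaddress.ip_address("10.20.0.1"),   # gateway
                 ipaddress.ip_address("10.20.0.53")}  # DNS server
MAX_PRIORITY = 1  # act only on the most severe alerts (1 = highest)

# Assumed layout: ... [Priority: N] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(r"\[Priority: (?P<prio>\d+)\]\s+\{\w+\}\s+"
                      r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")

def hosts_to_isolate(alert_lines):
    """Return internal hosts named in severe alerts, in first-seen order."""
    selected = []
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > MAX_PRIORITY:
            continue  # unparsable line or alert below the cutoff
        for field in ("src", "dst"):
            try:
                host = ipaddress.ip_address(m[field])
            except ValueError:
                continue  # malformed address in the alert
            # Only our own boxes are isolated: external sources can be
            # spoofed, and critical infrastructure stays reachable.
            if (host in INTERNAL_NET and host not in NEVER_ISOLATE
                    and host not in selected):
                selected.append(host)
    return selected

def containment_rules(hosts):
    """Build iptables commands that cut each host off in both directions."""
    rules = []
    for host in hosts:
        rules.append(f"iptables -I FORWARD -s {host} -j DROP")  # nothing breaks out
        rules.append(f"iptables -I FORWARD -d {host} -j DROP")  # nobody gets back in
    return rules

# Constructed sample alerts (not real traffic).
SAMPLE_ALERTS = [
    "08/27-04:02:11.1 [**] [1:1000001:1] Constructed exploit [**] [Priority: 1] {TCP} 192.0.2.44:4312 -> 10.20.3.15:135",
    "08/27-04:02:19.7 [**] [1:1000002:1] Constructed worm scan [**] [Priority: 1] {TCP} 10.20.3.15:1045 -> 198.51.100.7:135",
    "08/27-04:03:02.0 [**] [1:1000003:1] Constructed probe [**] [Priority: 3] {TCP} 198.51.100.9:2201 -> 10.20.4.20:80",
    "08/27-04:03:40.5 [**] [1:1000004:1] Constructed DNS alert [**] [Priority: 1] {UDP} 192.0.2.80:5300 -> 10.20.0.53:53",
    "truncated or unrelated log line",
]

if __name__ == "__main__":
    for rule in containment_rules(hosts_to_isolate(SAMPLE_ALERTS)):
        print(rule)  # review or hand to the firewall host; nothing is executed here
```

The script only prints the rules; the priority cutoff and never-isolate list are what keep a false positive or a forged packet from taking down a host the network depends on.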