IDS mailing list archives

Re: Network IDS

From: Frank Knobbe <frank () knobbe us>
Date: Wed, 27 Aug 2003 14:15:43 -0500

On Tue, 2003-08-26 at 13:53, Andreas Krennmair wrote:

How is your system protected when the exploit succeeds and is detected
by the NIDS? Your system is compromised. The only thing where NIDS could
be interesting is to record all attacks and to separate the known
exploits from the unknown ones. That is, IMHO, the only really useful
way NIDS could be used.



Another idea you could use this for is automated containment of
intrusions. Yeah, your box may be hacked by the time the IDS analyzes
the packet, but the reaction (i.e. firewall config) can be done to
automatically isolate that box so that the hacker can't get in or worms
break out. Same thing you would do by hand, except the IDS does it for
you much faster and at 4am when you're not there.

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Network IDS Duston Sickler (Aug 19)
- Re: Network IDS Andreas Krennmair (Aug 21)
  - Re: Network IDS Barry Fitzgerald (Aug 21)
    - Re: Network IDS Steffen Kluge (Aug 25)
    - Re: Network IDS Sam f. Stover (Aug 25)
    - Re: Network IDS Barry Fitzgerald (Aug 25)
    - Re: Network IDS Andreas Krennmair (Aug 26)
    - Re: Network IDS Barry Fitzgerald (Aug 28)
    - Re: Network IDS Frank Knobbe (Aug 28)
    - Re: Network IDS Mark Teicher (Aug 28)
    - Re: Network IDS Frank Knobbe (Aug 28)
    - Re: Network IDS Andreas Krennmair (Aug 25)
    - Re: Network IDS Barry Fitzgerald (Aug 26)
- RE: Network IDS Fergus Brooks (Aug 21)
- RE: Network IDS Terry Ziemniak (Aug 21)
- <Possible follow-ups>
- RE: Network IDS Robert.Lupo (Aug 21)
  - Re: Network IDS Gary Flynn (Aug 21)
  - RE: Network IDS Steffen Kluge (Aug 25)
- Re: Network IDS José Joaquín (Aug 21)

(Thread continues...)