IDS mailing list archives
Re: Network IDS
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 28 Aug 2003 11:18:26 -0500
On Thu, 2003-08-28 at 06:15, Mark Teicher wrote:
> Again off the beaten path, your description below is a HoneyPot, not an IPS
>
> At 01:15 PM 8/27/2003, Frank Knobbe wrote:
> > Another idea you could use this for is automated containment of intrusions. Yeah, your box may be hacked by the time the IDS analyzes the packet, but the reaction (i.e. firewall config) can be done to automatically isolate that box so that the hacker can't get in or worms break out. Same thing you would do by hand, except the IDS does it for you much faster and at 4am when you're not there.

Howdy Mark,

I'm not sure that this fits a honeypot exactly. Honeypots' (and I'm sure Lance will correct me quickly where I'm wrong ;) main or original purpose was to detect unauthorized happenings, and in some cases maybe even attract them or through sheer presence distract from the real jewels. It is more focused on identifying the attacker, not protecting the host it is installed on (though through its installation it is protecting the network...). There are some tools, like Bait'n'Switch, that will actually protect networks by rerouting/blocking an intruder that put his fingers into the honeypot. Other solutions are more host-based (i.e. HIPS), but I haven't seen a lot of network-based solutions aimed at identifying and isolating hacked systems.

But again, when talking about these technologies, we're getting off the path we're on. I just doubt that we are on a honeypot path.

Cheers,
Frank