IDS mailing list archives
Re: Top IPS vendors - please read for invitation to Network World review.
From: Daniel Cid <danielcid () yahoo com br>
Date: Fri, 29 Aug 2003 08:26:02 -0300 (ART)
Portsentry can block an ip address using the route command (route reject) in machines that doesnt have a firewall. Thanks Daniel B. Cid
--- Paul Schmehl <pauls () utdallas edu> escreveu: >
-->On Wednesday, August 27, 2003 6:30 AM -0600 Mark
Teicher <mht3 () earthlink net> wrote:PortSentry - is more of a firewall than IPS, doesnot have anypreventative functionality similiar to CiscoSecure Agent aka OkenaStormwatchHave you used PortSentry? It's certainly not a firewall at all. It detects "bad" behavior and immediately writes rules to the firewall as well as to tcpwrappers (if it's configured that way.) I would define that as an IDS. A specialized one perhaps. But certainly not a firewall. PortSentry doesn't block anything directly. If the host doesn't have a firewall installed, then all PortSentry can do is either report the problem (through logging) or write deny rules to tcpwrappers (if configured to do so.) As far as all this philosophical rambling about what defines this or that or whether or not a term is mere marketing fluff or something more substantial, I'll leave that to all the resident experts. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
---------------------------------------------------------------------------
_______________________________________________________________________ Desafio AntiZona: participe do jogo de perguntas e respostas que vai dar um Renault Clio, computadores, câmeras digitais, videogames e muito mais! www.cade.com.br/antizona --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ---------------------------------------------------------------------------
Current thread:
- Re: Top IPS vendors - please read for invitation to Network World review. Andy Cuff [Talisker] (Aug 05)
- <Possible follow-ups>
- Re: Top IPS vendors - please read for invitation to Network World review. Andrew Plato (Aug 26)
- Re: Top IPS vendors - please read for invitation to Network World review. Paul Schmehl (Aug 26)
- Re: Top IPS vendors - please read for invitation to Network World review. Mark Teicher (Aug 27)
- Re: Top IPS vendors - please read for invitation to Network World review. Paul Schmehl (Aug 28)
- Re: Top IPS vendors - please read for invitation to Network World review. Daniel Cid (Aug 29)
- Re: Top IPS vendors - please read for invitation to Network World review. Paul Schmehl (Aug 26)
- Re: Top IPS vendors - please read for invitation to Network World review. Ron Gula (Aug 26)
- Re: Top IPS vendors - please read for invitation to Network World review. dodo (Aug 27)
- Re: Top IPS vendors - please read for invitation to Network World review. Scott Wimer (Aug 28)
- Re: Top IPS vendors - please read for invitation to Network World review. Mark Teicher (Aug 30)