Re: Top IPS vendors - please read for invitation to Network World review.

[Scott Wimer <scottw () cylant com>]

Forgive me for being callous, but this methodology is just asking for 
problems.  If somebody portscans you from a spoofed address: say your 
DNS server's IP maybe, then you now have some interesting problems.

This is using a broadsword where a scalpel is called for.
scottwimer

Daniel Cid wrote:
> Portsentry can block an ip address using the route
> command (route reject) in  machines that doesnt have a
> firewall.
>
> Thanks
>
> Daniel B. Cid
>
>
> > --- Paul Schmehl <pauls () utdallas edu> escreveu: >
>
> -->On Wednesday, August 27, 2003 6:30 AM -0600 Mark
>
> > Teicher 
> > <mht3 () earthlink net> wrote:
> >
> > > PortSentry - is more of a firewall than IPS, does
> >
> > not have any
> >
> > > preventative functionality similiar to Cisco
> >
> > Secure Agent aka Okena
> >
> > > Stormwatch
> >
> > Have you used PortSentry?  It's certainly not a
> > firewall at all.  It 
> > detects "bad" behavior and immediately writes rules
> > to the firewall as well 
> > as to tcpwrappers (if it's configured that way.)  I
> > would define that as an 
> > IDS.  A specialized one perhaps.  But certainly not
> > a firewall.  PortSentry 
> > doesn't block anything directly.  If the host
> > doesn't have a firewall 
> > installed, then all PortSentry can do is either
> > report the problem (through 
> > logging) or write deny rules to tcpwrappers (if
> > configured to do so.)
> >
> > As far as all this philosophical rambling about what
> > defines this or that 
> > or whether or not a term is mere marketing fluff or
> > something more 
> > substantial, I'll leave that to all the resident
> > experts.
> >
> > Paul Schmehl (pauls () utdallas edu)
> > Adjunct Information Security Officer
> > The University of Texas at Dallas
> > AVIEN Founding Member
> > http://www.utdallas.edu
>
> ---------------------------------------------------------------------------
>
> > Attend Black Hat Briefings & Training Federal,
> > September 29-30 (Training), October 1-2 (Briefings)
> > in Tysons Corner, VA; the worldÂ’s premier 
> > technical IT security event.  Modeled after the
> > famous Black Hat event in 
> > Las Vegas! 6 tracks, 12 training sessions, top
> > speakers and sponsors.  
> > Symanetc is the Diamond sponsor.  Early-bird
> > registration ends September 6 Visit:
> > www.blackhat.com
>
> ---------------------------------------------------------------------------
>
> >
>
>
> _______________________________________________________________________
> Desafio AntiZona: participe do jogo de perguntas e respostas que vai
> dar um Renault Clio, computadores, câmeras digitais, videogames e muito
> mais! www.cade.com.br/antizona
>
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂ’s premier 
> technical IT security event.  Modeled after the famous Black Hat event in 
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
> Symanetc is the Diamond sponsor.  Early-bird registration ends September 6 Visit: www.blackhat.com
> ---------------------------------------------------------------------------

--
Scott M. Wimer, CTO                      Cylant
www.cylant.com                           121 Sweet Ave.
v. (208) 883-4892                        Suite 123
c. (208) 301-0370                        Moscow, ID 83843
There is no Security without Control.


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂ’s premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symanetc is the Diamond sponsor.  Early-bird registration ends September 6 Visit: www.blackhat.com
---------------------------------------------------------------------------