Full Disclosure mailing list archives

Re: Is Marty Lying?

From: Tom_Gordon/RISE/HIDOE () notes k12 hi us
Date: Mon, 22 Sep 2003 15:11:21 -0900

What about the "'Flexible Response' code, that allows you to cancel hostile connections 
on IP-level when a rule matches."?

Say I want to not allow any packets on port 25 to have ".scr" in plain 
text.  I write the rule and it gets prevented.  Isn't this preventive?

Intrusion Detection systems are designed to detect intrusions. Period.





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Is Marty Lying?, (continued)
- - - Re: Is Marty Lying? Valdis . Kletnieks (Sep 22)
    - The usefullness of IDSes (Was: Re: Is Marty Lying?) Peter Busser (Sep 23)
    - RE: The usefullness of IDSes (Was: Re: Is Marty Lying?) Philippe Bogaerts (Sep 23)
    - RE: The usefullness of IDSes (Was: Re: Is Marty Lying?) Cedric Blancher (Sep 23)
    - Re: Is Marty Lying? Peter Busser (Sep 22)
    - Re: Is Marty Lying? Shawn McMahon (Sep 22)
    - Re: Is Marty Lying? Frank Knobbe (Sep 22)
- Re: Is Marty Lying? David Hoelzer (Sep 22)
- RE: Is Marty Lying? Brown, Rodrick (Sep 22)
- Re: Is Marty Lying? Jeffrey . Stebelton (Sep 22)
- Re: Is Marty Lying? Tom_Gordon/RISE/HIDOE (Sep 22)