Re: fragroute vs. snort: the tempest in a teacup

[Marco Thorbruegge <thorbruegge () cert dfn de>]

-----BEGIN PGP SIGNED MESSAGE-----

Hi,

* Darren Reed:

> Well then IDS software needs to be smarter.  IMHO it makes little
> sense for an IDS to be *behind* a firewall as it's going to miss out
> on lots of useful data points.  

IMHO you want to have both:

- - intrusion detection with an IDS behind a firewall
- - attack detection with an IDS in front of a firewall

(and some correlation to validate your FW)

To have an IDS outside only does not make much sense in my eyes.

Regards,
Marco
- -- 
Marco Thorbruegge        |              mailto:thorbruegge () cert dfn de
DFN-CERT GmbH            |          http://www.cert.dfn.de/team/matho/
Oberstrasse 14b          |                    Phone: +49(40)808077-555
D-20144 Hamburg          |                      FAX: +49(40)808077-556
Germany                  | PGP-Key: finger thorbruegge () ftp cert dfn de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SunOS)
Comment: For info see http://www.gnupg.org

iQEVAwUBPL+9U3sh3gGuZiQlAQEBbggAst6lBI2lCAhJUfD4u8SKWV4A1yVEc5M+
fWpnUOm08pAMHCvZInJUNLYtpGnRuhLVZE9fU3BmtQMnUN453TmoNnW+mFvpgPd9
APBvWQNCOrqS+C3dm6MxjTikOWUSYOGZPPRazAxLRzZq9cWE2DhakaYb7UyXNlJ3
bJCKPCuKOGdj1bpnTwz9pbRkhCypqSbQzpF1VWSBXqZSDXpHCSwhek/3bih6tnhX
7bVHMhUWeHuMIgAaQgo9geKBg3wBKbzEOjg7vPOsXRR2WJsXLu8PKbUsAU4e1r+x
3Wjxrs6q8CaaAKvJyOebvKG+0kMtq0yeSBEek1UROOyTpY9qHCIMCA==
=WZQh
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users