Snort mailing list archives
Re: ask about hack program to go through the firewall
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 19 Sep 2002 15:50:02 -0400
In theory, nobody needs an IDS if their firewall is strong enough to prevent all attacks... Of course, the only firewall strong enough for that is a cut cable.
On the same note, nobody would need an alarm system if their office building was tough enough to prevent all break-in attempts, but that building would be a solid concrete block with no doors or windows.
In practice most firewalls block "unreasonable access" to particular machines or ports, but they don't often block "unreasonable data" contained in a reasonable access.
Sure, some firewalls do examine application layer data, but not all do, and even the ones that do only examine it in a limited fashion. Will your firewall block an invalidly formatted HTTP GET request to a valid webserver? Will it block an invalidly large response? Does it cover all data formats for all DNS packets? What about SMTP, IM, POP, and all of the myriad of other protocols out there? Will it notice if someone connects to your DNS server via TCP and sends a large sequence of NOPs (generally found in a stack smash)?
At 05:30 AM 9/19/2002 -0700, ardi wrote:
My point here is do we need an IDS if the firewall is strong enough to block the attack..??
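Added example, not part of the original message or of Snort: a Python sketch of the last case in the message, where a port filter accepts a TCP connection to the DNS server and only payload inspection notices a long run of x86 NOP bytes (0x90). The addresses, the 32-byte threshold, the function names and both sample payloads are assumptions constructed for illustration.

```python
import struct

NOP = 0x90           # x86 NOP opcode
NOP_RUN_ALERT = 32   # assumed threshold; tune for your own traffic

# Constructed port-filter policy: allowed (protocol, dst_ip, dst_port) tuples.
ALLOW = {("tcp", "192.0.2.53", 53), ("udp", "192.0.2.53", 53)}

def firewall_allows(proto, dst_ip, dst_port):
    """Port/address filter: decides on headers only, never sees the payload."""
    return (proto, dst_ip, dst_port) in ALLOW

def longest_run(payload, value):
    """Length of the longest run of consecutive bytes equal to `value`."""
    best = cur = 0
    for b in payload:
        cur = cur + 1 if b == value else 0
        best = max(best, cur)
    return best

def ids_inspect(payload):
    """Payload inspection: return a list of alert strings (empty if clean)."""
    alerts = []
    run = longest_run(payload, NOP)
    if run >= NOP_RUN_ALERT:
        alerts.append(f"possible NOP sled: {run} consecutive 0x90 bytes")
    return alerts

def dns_tcp_query(name):
    """Build a minimal, well-formed DNS-over-TCP A query (constructed sample)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg          # 2-byte TCP length prefix

# Constructed samples: a normal query, and the same query padded with 0x90 filler.
NORMAL = dns_tcp_query("www.example.com")
SUSPECT = NORMAL + bytes([NOP]) * 200

def evaluate(payload):
    """Return (firewall verdict, IDS alerts) for a TCP/53 connection to the DNS server."""
    return firewall_allows("tcp", "192.0.2.53", 53), ids_inspect(payload)

if __name__ == "__main__":
    for label, p in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(label, evaluate(p))
```

Both payloads get the same verdict from the port filter because it only sees a permitted connection to port 53; the difference shows up only in the inspection result.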