On Sun, 13 Feb 2000, Andy wrote: > Blocking using an IDS definitely has its flaws, a hacker could exploit this > as Michael Rash stated, spoofing the address of your customers/partners in > the hope that they will be cut off by your IDS. I have had another look at > SessionWall 3 and whilst its not the best IDS on the market it does have > some interesting features that may be of use to you. > Any other solutions out there ?? I've developed some stuff for FW-1, however I prefer automated alerts, not responses. DoS attacks are a concern with automated responses. I even managed to DoS myself with a misconfiugered firewall. I have had the best success with being alerted to an Intrusion, then allowing myself to make a decision based on it. Most of your scans are only attempts to gather information. As long as these attempts are blocked, you most likely do not need an automated response. Lance Spitzner http://www.enteract.com/~lspitz/papers.html
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:27 PDT