Re: IDS: Combining IDS and firewalls

CyberPsychotic (mlistsgizmo.kyrnet.kg)
Sun, 12 Sep 1999 23:03:33 +0600 (KGST)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Aronius Joakim: "IDS: SV: Combining IDS and firewalls"
• Previous message: Robert Graham: "Re: IDS: Combining IDS and firewalls"
• Maybe in reply to: Bill Royds: "IDS: Combining IDS and firewalls"
• Next in thread: Jeff Oliver: "RE: IDS: Combining IDS and firewalls"
• Reply: Jeff Oliver: "RE: IDS: Combining IDS and firewalls"

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

---
~ 
~   Has anyone any experience in combining firewalls with IDS? Several
~ commercial Intrusion Detection systems can generate new firewall rules
~ on the fly to block the possible intrusion. Has anyone used this and
~ has had good or bad experience with it?
I was able to play around in lab envinroment while ago to code testing
daemon which could modify ipfw rules on the fly, if it detects some odd
traffic. it was while ago (2.2.8 FreeBSD) so might be outdated, but I
guess I still have it on my disks, if you're interested.

• Next message: Aronius Joakim: "IDS: SV: Combining IDS and firewalls"
• Previous message: Robert Graham: "Re: IDS: Combining IDS and firewalls"
• Maybe in reply to: Bill Royds: "IDS: Combining IDS and firewalls"
• Next in thread: Jeff Oliver: "RE: IDS: Combining IDS and firewalls"
• Reply: Jeff Oliver: "RE: IDS: Combining IDS and firewalls"

This archive was generated by hypermail 2.0b3 on Mon Sep 13 1999 - 01:47:21 CDT