
Re: IDS: SV: Combining IDS and firewalls


Jonas Eriksson (jesekure.net)
Mon, 13 Sep 1999 23:14:43 +0200 (CEST)


FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

---

There is a free program named Sentry that can change the firewall rules in realtime (for *BSD and Linux).

You can find sentry at: http://www.psionic.com/abacus/portsentry/

And a piece of code that spoofs an attack can be found at: http://www.dataguard.no/bugtraq/1998_3/0063.html

Regards

--
Jonas Eriksson
Sekure.NET Security Research
Lulea/Sweden

On Mon, 13 Sep 1999, Aronius Joakim wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Combining firewalls and IDS does give some neat features but it also
> opens up some new vulnerabilities. It is for example trivial to
> block access to any site only by scanning the fw with a spoofed
> address. Rule no. 1: keep it simple...
>
> Regards,
> Joakim Aronius
> _____________________________________________________
> Joakim Aronius, ICL IT-Security
> Linköping, Sweden
>
> *** PGP Signature Status: unknown
> *** Signer: Unknown, Key ID = 0xA1F0DCEA
> *** Signed: 1999-09-11 17:50:56
> *** Verified: 1999-09-13 07:58:08
> *** BEGIN PGP VERIFIED MESSAGE ***
>
> Has anyone any experience in combining firewalls with IDS? Several
> commercial Intrusion Detection systems can generate new firewall rules
> on the fly to block the possible intrusion. Has anyone used this and
> has had good or bad experience with it?
>
> As well, are there any systems to combine the firewall logging with
> IDS logging to generate more complete summaries of an attack? Since a
> firewall may block part of the intruder's attack but not block the part
> that the IDS sees, we need both sets of logs to analyse the nature of
> the attack.
>
>
> Bill Royds
> Internet Security Manager
> Department of Canadian Heritage
> 15-5-F, 15 Eddy St.
> Hull QC
>
> phone: (819) 994-0507
> email: postmasterpch.gc.ca
>
> *** END PGP VERIFIED MESSAGE ***
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBN9yGbQ2P5cC54v7BEQKIPwCZAVICQpUxwF9TCqvBeeOYtU+xx+EAoOyq
> sAhX7Kp32jYj/I9x1ZTeVhIf
> =zVf1
> -----END PGP SIGNATURE-----
>
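The point raised in the quoted exchange, that an IDS which writes firewall rules on the fly can be turned against you by alerts with a forged source address, is the reason a block decision should never go straight from alert to rule. The following Python sketch is an added example, not code from the thread or from PortSentry: it models a small policy layer between an IDS alert stream and a firewall that (a) never blocks addresses on a protected allowlist (your own networks, upstream DNS and mail relays), (b) gives every block a time-to-live so a mistaken block heals itself, and (c) caps the number of simultaneous blocks so a flood of forged sources cannot fill the rule table. The `Alert` shape, the addresses (RFC 5737 documentation ranges) and the rule string syntax are all constructed for illustration.

```python
"""Added example: a defensive policy layer between IDS alerts and firewall rules.

This is illustrative code, not part of the original thread or of any IDS or
firewall product. Alert format, addresses and rule syntax are constructed.
"""
from dataclasses import dataclass, field
import ipaddress


@dataclass
class Alert:
    src: str    # source address as reported by the IDS (may be forged!)
    kind: str   # e.g. "portscan"
    ts: float   # event time, seconds


@dataclass
class BlockPolicy:
    # Addresses the firewall must never be told to block, whatever the IDS
    # says: a forged scan "from" your DNS server must not cut off DNS.
    never_block: list
    block_ttl: float = 300.0      # every automatic block expires
    max_blocks: int = 100         # bound the damage of a flood of forged sources
    active: dict = field(default_factory=dict)   # src -> expiry time
    audit: list = field(default_factory=list)    # (ts, src, decision)

    def _protected(self, src: str) -> bool:
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.never_block)

    def expire(self, now: float) -> None:
        """Drop blocks whose TTL has passed (call before each decision)."""
        for src, exp in list(self.active.items()):
            if exp <= now:
                del self.active[src]

    def decide(self, alert: Alert) -> str:
        """Return 'block', 'already-blocked' or 'log-only' for one alert."""
        self.expire(alert.ts)
        if self._protected(alert.src):
            decision = "log-only"          # record it, never act on it
        elif alert.src in self.active:
            decision = "already-blocked"   # no duplicate rules
        elif len(self.active) >= self.max_blocks:
            decision = "log-only"          # table full: alert, don't block
        else:
            self.active[alert.src] = alert.ts + self.block_ttl
            decision = "block"
        self.audit.append((alert.ts, alert.src, decision))
        return decision

    def firewall_rules(self) -> list:
        # Placeholder rule syntax; a real deployment renders rules for its
        # own firewall (ipchains, ipfw, pf, ...).
        return [f"block in quick from {src} to any" for src in sorted(self.active)]


def run_demo():
    """Feed a constructed alert sequence through the policy and return
    (decisions, rules while blocks are active, rules after the TTL)."""
    policy = BlockPolicy(never_block=[
        ipaddress.ip_network("192.0.2.0/24"),       # constructed: our internal net
        ipaddress.ip_network("198.51.100.53/32"),   # constructed: upstream DNS server
    ])
    t0 = 1000.0
    alerts = [
        Alert("203.0.113.7", "portscan", t0),         # genuine external scanner
        Alert("198.51.100.53", "portscan", t0 + 1),   # forged source = our DNS server
        Alert("203.0.113.7", "portscan", t0 + 2),     # repeat from the same scanner
        Alert("192.0.2.10", "portscan", t0 + 3),      # forged source = internal host
    ]
    decisions = [policy.decide(a) for a in alerts]
    rules_during = policy.firewall_rules()
    policy.expire(t0 + policy.block_ttl + 1)          # TTL has passed
    rules_after = policy.firewall_rules()
    return decisions, rules_during, rules_after


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

The allowlist is what defends against the self-denial-of-service the thread describes; the TTL and the cap limit how long and how widely any remaining mistake can hurt. The audit list is kept separately from the active rule set so that forged alerts against protected hosts still leave a trace for the log-correlation question raised in the same message.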



This archive was generated by hypermail 2.0b3 on Tue Sep 14 1999 - 06:00:37 CDT