From: Chris Travers (chris_at_travelamericas.com)
Date: Fri Jan 31 2003 - 12:22:58 CST
Hi--
I had an additional idea relating to quasi-active response. For example--
An IDS could have hooks into a router's filtering tables in order to
temporarily ban that IP address. This has the advantage of the RST in
that all inbound traffic from the attacker would be stopped, but would
create less traffic on the gateway than a RST would. Additionally this
could also be used against connectionless protocols such as UDP and ICMP.
It is more flexible, could be implemented on a timer to minimize the
damage of false alarms, etc.
Best Wishes,
Chris
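
The timed ban described in the message above, sketched as an added example that is not part of the original post. The class name, the `apply`/`revoke` callbacks (standing in for whatever edits the router's filter table), the 300-second default and the `never_ban` list are all assumptions made for illustration.

```python
import heapq
import ipaddress

class TimedBanList:
    """Temporary per-source bans that lapse on a timer (hypothetical helper)."""

    def __init__(self, apply, revoke, ttl=300, never_ban=()):
        # apply(ip) / revoke(ip): assumed hooks that add / remove a deny rule
        self.apply, self.revoke, self.ttl = apply, revoke, ttl
        self.never_ban = [ipaddress.ip_network(n) for n in never_ban]
        self.expiry = {}   # ip string -> time at which the ban lapses
        self.heap = []     # (expiry, ip string); may hold superseded entries

    def alert(self, src, now):
        """Called for each IDS alert; returns True if src is banned afterwards."""
        addr = ipaddress.ip_address(src)   # rejects malformed input early
        if any(addr.version == n.version and addr in n for n in self.never_ban):
            return False   # a false alarm must not cut off protected hosts
        ip = str(addr)
        if ip not in self.expiry:
            self.apply(ip)   # one rule per address, works for TCP, UDP and ICMP
        self.expiry[ip] = now + self.ttl   # a repeat alert extends the ban
        heapq.heappush(self.heap, (self.expiry[ip], ip))
        return True

    def tick(self, now):
        """Lift bans whose timer has run out; returns the released addresses."""
        released = []
        while self.heap and self.heap[0][0] <= now:
            when, ip = heapq.heappop(self.heap)
            if self.expiry.get(ip) == when:   # ignore entries a later alert replaced
                del self.expiry[ip]
                self.revoke(ip)
                released.append(ip)
        return released

if __name__ == "__main__":
    # Constructed alerts using documentation address ranges.
    bans = TimedBanList(lambda ip: print("deny ", ip),
                        lambda ip: print("allow", ip),
                        never_ban=["192.0.2.0/28"])
    bans.alert("198.51.100.7", now=0)
    bans.alert("192.0.2.1", now=10)      # protected range, no rule installed
    bans.alert("198.51.100.7", now=100)  # extends the ban to t=400
    bans.tick(now=300)                   # nothing released yet
    bans.tick(now=400)                   # ban lifted
```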