From: Chris Travers (chris_at_travelamericas.com)
Date: Wed Feb 05 2003 - 01:16:08 CST
Thomas;
I was also thinking about a liability from a poorly implemented system
being able to be used to DOS an address by spoofing packets from that
address.
I guess I come back to advocating passive solutions primarily.
Best Wishes,
Chris Travers
Thomas H. Ptacek wrote:
>On 1/31/03 1:22 PM, "Chris Travers" <chris_at_travelamericas.com> wrote:
>
>>An IDS could have hooks into a routers filtering tables in order to
>>temporarily ban that IP address. This has the advantage of the RST in
>>that all inbound traffic from the attacker would be stopped, but would
>
>ACL countermeasures are generally avoided because it is hard to make them
>fail safely. It is not easy to push soft-state ACLs to Cisco and Juniper
>routers; the risk that the IDS could get desynchronized from the filter is
>large.
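The two concerns raised in this thread, a forged source address getting an innocent host banned and the IDS drifting out of sync with the router filter, sketched as an added example that is not code from either poster. The `SoftStateBlocker` class, its `spoofable` flag and all addresses are hypothetical and constructed; no real router API is called.

```python
import ipaddress

class SoftStateBlocker:
    """IDS-side record of temporary blocks; every entry expires on its own."""

    def __init__(self, ttl, never_block, max_entries=1000):
        self.ttl = ttl
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.max_entries = max_entries
        self.expires = {}  # ip string -> time the block lapses

    def request_block(self, ip, now, spoofable):
        addr = ipaddress.ip_address(ip)
        # A forgeable source (assumption: the sensor flags alerts raised
        # without a completed handshake) must never trigger a ban.
        if spoofable:
            return "refused: source not validated"
        # Addresses whose loss would itself be an outage are never banned.
        if any(addr in net for net in self.never_block):
            return "refused: protected address"
        # Bound the table so an alert flood cannot grow the filter unchecked.
        if ip not in self.expires and len(self.expires) >= self.max_entries:
            return "refused: table full"
        self.expires[ip] = now + self.ttl
        return "blocked"

    def reconcile(self, router_entries, now):
        """Compare the router's actual filter with the wanted set.
        Returns (stale, missing): entries to remove and entries to re-push."""
        self.expires = {ip: t for ip, t in self.expires.items() if t > now}
        wanted, actual = set(self.expires), set(router_entries)
        return sorted(actual - wanted), sorted(wanted - actual)

if __name__ == "__main__":
    ids = SoftStateBlocker(ttl=60, never_block=["192.0.2.0/24"])
    print(ids.request_block("198.51.100.7", now=0, spoofable=False))
    print(ids.request_block("192.0.2.10", now=0, spoofable=False))
    print(ids.request_block("203.0.113.5", now=0, spoofable=True))
    # Constructed router state: one wanted entry plus one leftover.
    print(ids.reconcile(["198.51.100.7", "203.0.113.99"], now=10))
    print(ids.reconcile(["198.51.100.7"], now=61))
```

Running `reconcile` on a timer is what makes the state soft: a block the IDS has forgotten or let expire shows up as stale and is removed rather than lingering on the router.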