|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: andre (andreq_at_infolink.com.br)
Date: Sat Feb 08 2003 - 15:50:21 CST
What about blocking only a few certain attacks, that could not be easily
spoofed. Such like HTTP vulnerabilities and others that need a complete
handshake to work.
Ok,its not impossible to spoof, but packet sequence prediction is a bit hard
nowadays.
> From: Chris Travers [mailto:chris
travelamericas.com]
> Sent: Wednesday, February 05, 2003 8:16 AM
> To: Thomas H. Ptacek
> Cc: Focus-IDS
> Subject: Re: Active response... some thoughts.
>
>
> Thomas;
>
> I was also thinking about a liability from a poorly implimented system
being
> able to be used to DOS an address by spoofing packets from that address.
>
> I guess I come back to advocating passive solutions primarily.
>
> Best Wishes,
> Chris Travers
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]