|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Frank Knobbe (fknobbe_at_knobbeits.com)
Date: Mon Dec 02 2002 - 16:43:28 CST
On Mon, 2002-12-02 at 15:47, ams67 wrote:
> IMAO IDSs should not interfere with FWs. If I spoof my IP address with
> your current, e.g. DNS server and send a forged packet with an attack
> signature to your network protected by your IDS/FW integrated system I
> can create an easy DoS by stopping legal and operational traffic.
> That is really easy to accomplish (e.g. nmap -D your.good.dns.server,
> your.good.external.router, etc..).
Basically true, but you can minimize the risk of those conditions.
SnortSam and Guardian for example have white-lists. Also, SnortSam can
detect DoS conditions and undo recent blocks and sit idle for a while.
Being able to DoS someone by spoofing DNS servers is becoming lame...
(no offense, but that argument has been beaten to death...)
Frank
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iQCVAwUAPeviD7+0ijK5TGa5AQIBvQP8Ceav0gld42NkoOu+1TwW1zs8gSHw6hH2
9CGClNRak5ZkmSQawQnejyZBnwCYBYJ12e3aXBqFCtB+E2BYvpSeCHp3DkIhKqHQ
FHLER6huXqFSDoO3wbJpzO+1wNloP60FfTpok0BzJi/e3QTw6ABz27HPd2xAm/AQ
RhM71qlFkB8=
=/3bP
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]