Firewall Wizards: Re: Intrusion Detection

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: Intrusion Detection

From: "Paul D. Robertson" <proberts () clark net>
Date: Tue, 14 Apr 1998 14:06:43 -0400 (EDT)

On Tue, 14 Apr 1998, Marcus J. Ranum wrote:

      There are really only 2 good reasons I can think of for ID systems:
1) To develop a threat level model as to how often you are attacked
2) To detect clueless people inside your organization who are attacking
      outside sites


3) To detect clueless people inside your organization, or with access to 
   your facilities who are attacking your own systmems.

4) To trend traffic to detect possible tunnels through allowed protocols 
   like HTTP or SSL.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280

By Date By Thread

Current thread:

Intrusion Detection shantanu bhattacharya (Apr 14)
- Re: Intrusion Detection Marcus J. Ranum (Apr 14)
  - Re: Intrusion Detection tqbf (Apr 14)
- Re: Intrusion Detection Adam Shostack (Apr 14)
  - Re: Intrusion Detection Marcus J. Ranum (Apr 14)
    - Re: Intrusion Detection Paul D. Robertson (Apr 14)
    - Re: Intrusion Detection Adam Shostack (Apr 15)
    - Re: Intrusion Detection Marcus J. Ranum (Apr 15)
    - Re: Intrusion Detection Aleph One (Apr 14)
    - Re: Intrusion Detection Marcus J. Ranum (Apr 14)
    - Re: Intrusion Detection Aleph One (Apr 14)