IDS: Re: Active response... some thoughts.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

IDS mailing list archives

Re: Active response... some thoughts.

From: "andre" <andreq () infolink com br>
Date: Sat, 8 Feb 2003 19:50:21 -0200

What about blocking only a few certain attacks, that could not be easily
spoofed. Such like HTTP vulnerabilities and others that need a complete
handshake to work.

Ok,its not impossible to spoof, but packet sequence prediction is a bit hard
nowadays.

From: Chris Travers [mailto:chris () travelamericas com]
Sent: Wednesday, February 05, 2003 8:16 AM
To: Thomas H. Ptacek
Cc: Focus-IDS
Subject: Re: Active response... some thoughts.


Thomas;

I was also thinking about a liability from a poorly implimented system

being

able to be used to DOS an address by spoofing packets from that address.

I guess I come back to advocating passive solutions primarily.

Best Wishes,
Chris Travers

By Date By Thread

Current thread:

Re: Active response... some thoughts., (continued)
- Re: Active response... some thoughts. fr0ck9 (Feb 05)
  - RE: Active response... some thoughts. Rob Shein (Feb 07)
- RE: Active response... some thoughts. Ralph Los (Feb 07)
  - Re: Active response... some thoughts. SecurityFocus (Feb 10)
- RE: Active response... some thoughts. Ralph Los (Feb 07)
  - Re: Active response... some thoughts. andre (Feb 08)
    - Re: Active response... some thoughts. Frank Knobbe (Feb 10)
    - RE: Active response... some thoughts. Rob Shein (Feb 11)
- Re: Active response... some thoughts. mb_lima (Feb 11)
- RE: Active response... some thoughts. Steven Richards (Feb 12)