Some IDS packages are able to terminate offending network sessions on the fly. E-trust IDS does this by sending several spoofed packets with the RST flag set.
Security Focus recently carried an article on this type of defense called "Understanding IDS Active Response Mechanisms" by Jason Larsen and Jed Haile.
http://online.securityfocus.com/infocus/1540

Chuck

charles.skogl [EMAIL PROTECTED]
03/05/2002 12:22 PM
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: IDS that retaliates.

Hi

I read a long time ago that some government agency in the US was working on an IDS that could retaliate. I wonder if someone has any information on any IDS that does that, or any ideas on how to make an IDS that in return of an event triggers different security measures.

Thankful for all replies.

Regards
Charles

---------------------------------------------------------------------
Charles Skoglund, OM AB
(Norrlandsgatan 31)
SE-105 78 Stockholm
Email: [EMAIL PROTECTED]
Phone: +46 (0)8 405 64 90
Mobile: +46 (0)70 597 52 32
Switchboard: +46 (0)8 405 60 00
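
The RST-based session termination mentioned in the reply above, modelled as an added example that is not part of the original thread and is not E-trust's code. It computes the sequence numbers a sensor would put in the reset pair for one observed segment and how a receiving stack treats them under the RFC 793 window check and the stricter RFC 5961 exact-match check. The `Segment` type and both function names are hypothetical, and nothing is sent on the wire.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


@dataclass
class Segment:
    """Fields a sensor reads from one observed TCP segment (hypothetical type)."""
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    ack: int
    payload_len: int
    syn: bool = False
    fin: bool = False


def reset_pair(seg):
    """Return the RST fields for each endpoint, derived from one observed segment."""
    # SYN and FIN each consume one sequence number, like a byte of payload.
    next_seq = (seg.seq + seg.payload_len + seg.syn + seg.fin) % MOD
    # Toward the receiver, appearing to come from the sender: continue its sequence space.
    to_dst = {"src": seg.src, "dst": seg.dst, "sport": seg.sport,
              "dport": seg.dport, "seq": next_seq}
    # Toward the sender, appearing to come from the receiver: seg.ack is what it expects next.
    to_src = {"src": seg.dst, "dst": seg.src, "sport": seg.dport,
              "dport": seg.sport, "seq": seg.ack}
    return to_dst, to_src


def rst_outcome(rst_seq, rcv_nxt, rcv_wnd, rfc5961=True):
    """How a receiving stack treats a RST carrying this sequence number."""
    offset = (rst_seq - rcv_nxt) % MOD  # distance past the next expected byte
    in_window = offset == 0 or offset < rcv_wnd
    if not in_window:
        return "dropped"        # stale or out of window: session survives
    if rfc5961 and offset != 0:
        return "challenge-ack"  # in window but not exact: session survives
    return "reset"


if __name__ == "__main__":
    # Constructed sample segment; addresses are from the documentation range.
    seen = Segment("192.0.2.5", "192.0.2.9", 40000, 80, seq=1000, ack=5000, payload_len=100)
    to_dst, _ = reset_pair(seen)
    print(rst_outcome(to_dst["seq"], rcv_nxt=1100, rcv_wnd=65535))  # arrives in time
    print(rst_outcome(to_dst["seq"], rcv_nxt=2560, rcv_wnd=65535))  # 1460 more bytes delivered first
```

In the second call the reset was computed from a segment that is already stale when it arrives, so the receiver drops it and the session continues.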