-Original Message-
From: Simon Edwards
Sent: 08 March 2002 21:29
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: IDS that retaliates.
I have heard of similar things, probably one
In my days through the net I have only come accross an IDS that retaliates
once. It essentially 'nuked' back on any illegal connection or connection
request. Just like everyone else I would make the call that itsa bad idea
simply because of the effect it can have on owned computers.
Peter
: Wednesday, March 06, 2002 7:01 PM
To: Mark Crosbie; Carr, Aaron [CNTUS]
Cc: '[EMAIL PROTECTED]'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: IDS that retaliates.
Mark Crosbie wrote:
What good does retaliation really get you though (apart from a whole
load of legal headache)? Wouldn't
I think what Marcus was referring to what was coming in the next 4 or 5
years was the ability for Intrusion Detection to be more reliable. I
highly doubt we will every see 100% but we should be able to get close.
As far as IDS' that retaliates, there are current products out
: Wednesday, March 06, 2002 8:23 PM
Subject: RE: IDS that retaliates.
On Wed, 2002-03-06 at 06:22, Carr, Aaron [CNTUS] wrote:
You may wish to clarify your meaning of retaliate. When I think
As a HIDS we tend to think of retaliation (which is such an aggresive
term) more in terms of recovery. So
: RE: IDS that retaliates.
I see your point. However, that is like saying the innocent is not
innocent
until proven guilty. Do we not have to abide by our constitution when
it
comes to these matters as well?
-Original Message-
From: Royer, Cedric [mailto:[EMAIL PROTECTED]]
Sent
If they weren't all out to get me ... I would have no reason to be Paran0id!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 12:23 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: IDS that retaliates.
Hi
I read a long time ago that some
16:04
To: Carr, Aaron [CNTUS]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: IDS that retaliates.
retaliate, I think an equal or greater reaction to the probe
or attack in
question. You may simply be saying take effective
counter-measures, such as
performing a shun
];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: IDS that retaliates.
Agreed. Plus, you can't go launching counter-attacks when most of the time
the machine you would be attacking was not at fault. It's been spoofed in
some way shape or form. Therefore, you would be taking down an innocent
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 12:23 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: IDS that retaliates.
Hi
I read a long time ago that some goverment agency in the US was working
on a IDS that could retaliate. I wonder if someone has any
Mark Crosbie wrote:
What good does retaliation really get you though (apart from a whole
load of legal headache)? Wouldn't recovery be a better goal to aim
for?
We've often gotten requests for firewall reconfiguration or other types
of reaction - what's interesting to me is that all these
PROTECTED]]
Sent: Wednesday, March 06, 2002 4:01 PM
To: Mark Crosbie; Carr, Aaron [CNTUS]
Cc: '[EMAIL PROTECTED]'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: IDS that retaliates.
Mark Crosbie wrote:
What good does retaliation really get you though (apart from a whole
load of legal
very true
retaliation is illegal
dp
- Original Message -
From: Mike Gilles [EMAIL PROTECTED]
To: 'McCammon, Keith' [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Wednesday, March 06, 2002 1:49 AM
Subject: RE: IDS that retaliates.
| Just as a side note
Crosbie; Carr, Aaron [CNTUS]
Cc: '[EMAIL PROTECTED]'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: IDS that retaliates.
Mark Crosbie wrote:
What good does retaliation really get you though (apart from a whole
load of legal headache)? Wouldn't recovery be a better goal to aim
for?
We've often
retaliate, I think an equal or greater reaction to the probe
or attack in
question. You may simply be saying take effective
counter-measures, such as
performing a shun on a host or network, which is already available in
multiple products. One such product is the Cisco secure IDS
in
PROTECTED]
Subject: RE: IDS that retaliates.
I see your point. However, that is like saying the innocent is not
innocent
until proven guilty. Do we not have to abide by our constitution when
it
comes to these matters as well?
-Original Message-
From: Royer, Cedric [mailto:[EMAIL
[EMAIL PROTECTED]
To: McCammon, Keith [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Tuesday, March 05, 2002 1:56 PM
Subject: RE: IDS that retaliates.
Replying to spoofed packed with an attack could have nasty consequences.
If someone spoofed packets
PROTECTED]]
Sent: Tuesday, March 05, 2002 3:00 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: IDS that retaliates.
This is generally referred to as Active Response. In most cases
(commercial IDS), this involves the IDS sending TCP RST packets to both
ends
]]
::Sent: Tuesday, March 05, 2002 12:23 PM
::To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
::Subject: IDS that retaliates.
::
::
::
::
::Hi
::
::I read a long time ago that some goverment agency in the US
::was working on a IDS that could retaliate. I wonder if
::someone has any information on any
:
12:22 PM Subject: IDS that retaliates
[EMAIL PROTECTED]
The desire to click through far outweighs the reason not to.
-Original Message-
From: Ralph Los [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 2:47 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: IDS that retaliates.
I can't speak
:
06/03/2002 07:00 AM Subject: RE: IDS that retaliates
PROTECTED]
Subject: RE: IDS that retaliates.
I can't speak for too many options - but Secure Computing has a product that
USED to do that, until it became illegal. (If I'm not mistaken, and I might
be, SideWinder did something of the nature, or maybe the complemenatry IDS?)
Cheers
|
::-Original Message-
::From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
::Sent: Tuesday, March 05, 2002 12:23 PM
::To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
::Subject: IDS that retaliates.
::
::
::
::
::Hi
::
::I read a long time ago that some goverment agency
Message-
From: McCammon, Keith [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 3:00 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: IDS that retaliates.
This is generally referred to as Active Response. In most cases
(commercial IDS), this involves the IDS
This is generally referred to as Active Response. In most cases
(commercial IDS), this involves the IDS sending TCP RST packets to both
ends of the connection so that the connection is destroyed and cleared
from the buffers. This is also the extent to which most
commercially-available IDSs
Now if you're referring to launching counter-attacks or similar
offensives in response to alerts, this isn't going to go mainstream in
the near future. There are a number of reasons for this, but most
notably is the fact that (in the U.S., anyway) intrusive retaliation is,
technically, every
Also check out PacketHound from Palisades Systems
(http://www.packethound.com) - pretty cool.
-- Brent
-Original Message-
From: McCammon, Keith [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 2:00 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: IDS
28 matches
Mail list logo