On Wed, 2002-03-06 at 10:04, Toni Heinonen wrote: > > Indeed. I think almost all NIDSs by now know how to react to attacks at least at >some level. For instance, Snort (http://www.snort.org/) knows how to spoof >RST-flagged packets to both parties, effectively terminating the connection there. > > Of course, you could also make an IDS software that watches the NIDS-software's logs >and upon intrusion does whatever you want. A shell script, say. > > Also, Check Point's OPSEC-standard is meant for all sorts of communications from >hosts to firewalls. Now the Network Flight Recorder (NFR, nfr.net) software knows how >to speak OPSEC to a Firewall-1 and effectively shut the intruder from your network. >As does ISS's product, if I recall correctly.
As does Snort via the SnortSam agent (http://www.snortsam.net). SnortSam will soon also handle PIX. Regards, Frank
signature.asc
Description: This is a digitally signed message part