fknobbe at ...652...
Mon Dec 2 14:44:04 EST 2002
On Mon, 2002-12-02 at 15:47, ams67 wrote:
> IMAO IDSs should not interfere with FWs. If I spoof my IP address with
> your current, e.g. DNS server and send a forged packet with an attack
> signature to your network protected by your IDS/FW integrated system I
> can create an easy DoS by stopping legal and operational traffic.
> That is really easy to accomplish (e.g. nmap -D your.good.dns.server,
> your.good.external.router, etc..).
Basically true, but you can minimize the risk of those conditions.
SnortSam and Guardian for example have white-lists. Also, SnortSam can
detect DoS conditions and undo recent blocks and sit idle for a while.
Being able to DoS someone by spoofing DNS servers is becoming lame...
(no offense, but that argument has been beaten to death...)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 307 bytes
Desc: This is a digitally signed message part
More information about the Snort-users