Thu Nov 23 16:36:19 EST 2017
Wanna DOS a service? If a site uses active Firewall reconfiguration
you simply have to send lots and lots of spoofed attacks and the whole
Internet will be unable to connect to the site (okay, maybe this is somewhat
exaggerated, but you *really* can generate a lot of trouble).
But this is just my humble opinion and, as I said - I am a newbie and maybe
I just did not configure my IDS properly - well it should not have such
default settings in the first place.
BTW: I will *not* recommend usage of active response in my diploma thesis.
It's so difficult to keep track of those blocking rules.
IDS is expensive and you usually have a hard time justifying that you need
for additional Sensors and stuff. So if you _ever_ cause network problems
because your IDS blocks legitimate connections for whatever reason, your job
will get a lot more unpleasent for you and you can forget that additional money
you need for your IDS ;)
<flailing robot arms>
DANGER! DANGER! DANGER WILL ROBINSON! 
</flailing robot arms>
GMX - Die Kommunikationsplattform im Internet.
More information about the Snort-users