Re: [FW1] MAD?
MAD is only an after-the-fact detection system. It is not at all related to CyberAttackDefenseSystem, which is still awaiting deployment.

"Carl E. Mankinen" wrote:

> I don't think it's "just a log parser". From what I understand, it processes new log entries in realtime.
> It requires the ELA proxy as a result, and I remember something about CADS...but I don't think
> it was very useful in practice.
>
> Another reason to keep the ELA proxy turned on (assuming you want MAD sending you pages etc)
>
> ----- Original Message -----
> From: "Drew Simonis" <[email protected]>
> To: "Carl E. Mankinen" <[email protected]>
> Cc: <[email protected]>; <[email protected]>
> Sent: Tuesday, October 31, 2000 3:38 PM
> Subject: Re: [FW1] MAD?
>
> > "Carl E. Mankinen" wrote:
> > >
> > > From what I was told, it builds table entries of its own for all the connections thru the firewall and
> > > works somewhat independently of the inspect engine. It also hooks into the logging daemon
> > > and detects log entries.
> > >
> >
> > IIRC CPMAD is a simple log parser. It does no more than go through
> > logged events and apply the criteria to them, looking for things
> > that meet its settings. Nothing exciting to it. As far as its
> > picky config file and the odd memory issues, I was told the same
> > thing.

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================