Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] MAD?

To: "Carl E. Mankinen" <[email protected]>
Subject: Re: [FW1] MAD?
From: CryptoTech <[email protected]>
Date: Tue, 31 Oct 2000 18:23:30 -0500
Cc: Drew Simonis <[email protected]>, [email protected], [email protected]
References: <[email protected]> <003f01c04356$358d8750$2914010a@AHLJAX001541> <[email protected]> <024c01c04380$2f271820$2914010a@AHLJAX001541>
Sender: [email protected]

MAD is only an after the fact detection system.  It is not at all related to CyberAttackDefenseSystem, which
is still awaiting deployment.

"Carl E. Mankinen" wrote:

> I don't think its "just a log parser". From what I understand, it processes new log entries in realtime.
> It requires the ELA proxy as a result, and I remember something about CADS...but I don't think
> it was very usefull in practice.
>
> Another reason to keep the ELA proxy turned on (assuming you want MAD sending you pages etc)
>
> ----- Original Message -----
> From: "Drew Simonis" <[email protected]>
> To: "Carl E. Mankinen" <[email protected]>
> Cc: <[email protected]>; <[email protected]>
> Sent: Tuesday, October 31, 2000 3:38 PM
> Subject: Re: [FW1] MAD?
>
> >
> > "Carl E. Mankinen" wrote:
> > >
> > > From I was told, it builds table entries of it's own for all the connections thru the firewall and
> > > works somewhat independently of the inspect engine. It also hooks into the logging daemon
> > > and detects log entries.
> > >
> >
> > IIRC CPMAD is a simple log parser.  It does no more than go through
> > logged events and apply the criteria to them, looking for things
> > that meet its settings.  Nothing exciting to it.  As far as its
> > picky config file and the odd memory issues, I was told the same
> > thing.
> >
> >
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> >
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- [FW1] My translation is broken.
  - From: Rodrick Brown <[email protected]>

References:
- [FW1] MAD?
  - From: [email protected]
- Re: [FW1] MAD?
  - From: [email protected] (Carl E. Mankinen)
- Re: [FW1] MAD?
  - From: Drew Simonis <[email protected]>
- Re: [FW1] MAD?
  - From: [email protected] (Carl E. Mankinen)

Prev by Date: RE: [FW1] Installing FW-1 on Linux
Next by Date: [FW1] My translation is broken.
Previous by thread: Re: [FW1] MAD?
Next by thread: [FW1] My translation is broken.
Index(es):
- Date
- Thread