Re: [FW-1] Best IDS??
> -----Original Message-----
> From: Carl E. Mankinen [mailto:[email protected]]
> Sent: Thursday, November 29, 2001 12:50 PM
>
> Carefully setup rules for filtering of alerts on valid flows, and
> set everything else to a variety of actions such as:
> FW-1 OPSEC (block intruder, might be good idea on certain types of
> activity like ftp, however OPSEC blocking can BITE you if the
> attacker manages to spoof addresses for sites on the Inet you don't
> want blocked...basically, you could DoS yourself from accessing
> even the root name servers!)

Carl,

the concerns you listed are exactly the reasons I created SnortSam
(www.snortsam.net), which you might want to check out. It can make
automated blocking much safer. (SnortSam is a plugin to Snort and an
agent which allows for blocking on Checkpoint firewalls).

Regards,
Frank
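The self-DoS risk discussed in this message, as an added example that is not part of the original post and is not SnortSam's code: a gate placed between IDS alerts and the firewall block action that refuses addresses on a never-block list, caps block duration, and caps the number of concurrent blocks. The `BlockGate` name, the list entries and the limits are assumptions chosen for illustration.

```python
import ipaddress
import time

# Constructed never-block list (assumption): addresses whose loss hurts the
# defender more than any attacker. 198.41.0.4 is a.root-servers.net;
# 192.0.2.0/24 is a documentation range standing in for a partner network.
NEVER_BLOCK = [ipaddress.ip_network(n)
               for n in ("198.41.0.4/32", "192.0.2.0/24", "10.0.0.0/8")]


class BlockGate:
    """Decides whether an IDS-triggered block request may reach the firewall."""

    def __init__(self, never_block=NEVER_BLOCK, max_seconds=600, max_active=100):
        self.never_block = list(never_block)
        self.max_seconds = max_seconds   # blocks always expire on their own
        self.max_active = max_active     # ceiling limits damage from a spoofed flood
        self.active = {}                 # ip -> expiry timestamp

    def expire(self, now):
        # Drop blocks whose lifetime has passed so a bad block heals itself.
        for ip in [ip for ip, exp in self.active.items() if exp <= now]:
            del self.active[ip]

    def request_block(self, src, seconds, now=None):
        now = time.time() if now is None else now
        self.expire(now)
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            return ("rejected", "unparseable source address")
        # A spoofed source inside a protected range must never be blocked.
        for net in self.never_block:
            if ip in net:
                return ("rejected", f"{ip} is in never-block range {net}")
        if ip not in self.active and len(self.active) >= self.max_active:
            return ("rejected", "active-block ceiling reached")
        # The firewall call itself is out of scope; only the decision is made here.
        self.active[ip] = now + min(seconds, self.max_seconds)
        return ("blocked", self.active[ip])


if __name__ == "__main__":
    gate = BlockGate()
    # Constructed alert sources: one spoofed as a root name server, one ordinary.
    for src in ("198.41.0.4", "203.0.113.7"):
        print(src, gate.request_block(src, 86400, now=0))
```
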