
Re: [FW-1] Best IDS??



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Carl E. Mankinen [mailto:[email protected]]
> Sent: Thursday, November 29, 2001 12:50 PM
>
> Carefully setup rules for filtering of alerts on valid flows, and
> set everything else to a variety of actions such as:
> FW-1 OPSEC (block intruder, might be good idea on certain types of
> activity like ftp, however OPSEC blocking can BITE you if the
> attacker manages to spoof addresses for sites on the Inet you don't
> want blocked...basically, you could DoS yourself from accessing
> even the root name servers!)


Carl,

the concerns you listed are exactly the reasons I created SnortSam
(www.snortsam.net), which you might want to check out. It can make
automated blocking much safer. (SnortSam is a plugin to Snort and an
agent which allows for blocking on Checkpoint firewalls).

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBPArjMJytSsEygtEFEQJRkwCgmBVxmv1e3dfK77NrR/OIbyVcJ4IAoOC8
F60/RoWQ7az1x35KN7neh7Rq
=NK0U
-----END PGP SIGNATURE-----
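
The self-inflicted DoS described in the quoted message (spoofed sources causing blocks on addresses the site needs) can be contained by a never-block list, a cap on block duration and a ceiling on concurrent blocks. The sketch below is an added example, not part of the original message and not SnortSam's code; every name, limit and address in it (documentation ranges only) is an assumption.

```python
import ipaddress

# Constructed allowlist: documentation ranges standing in for addresses the
# site must always reach (upstream DNS, partners, management hosts).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.53/32")]
MAX_BLOCK_SECONDS = 600  # assumed cap, so a mistaken block expires on its own
MAX_ACTIVE_BLOCKS = 3    # assumed ceiling; beyond it alerts are logged, not blocked


class BlockGuard:
    """Decides whether an IDS alert may become a firewall block."""

    def __init__(self):
        self.active = {}  # blocked address -> expiry time in seconds

    def decide(self, src, requested_seconds, now):
        """Return (action, seconds) for one alert seen at time `now`."""
        # Drop expired blocks first so they no longer count against the ceiling.
        self.active = {ip: t for ip, t in self.active.items() if t > now}
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return ("skip-invalid", 0)
        if any(addr in net for net in NEVER_BLOCK):
            return ("skip-allowlisted", 0)  # a spoofed source cannot cut this off
        if addr not in self.active and len(self.active) >= MAX_ACTIVE_BLOCKS:
            return ("skip-limit", 0)  # a flood of spoofed sources stops here
        seconds = min(requested_seconds, MAX_BLOCK_SECONDS)
        self.active[addr] = now + seconds
        return ("block", seconds)


def replay(alerts):
    """Run (time, source, requested_seconds) alerts through a fresh guard."""
    guard = BlockGuard()
    return [guard.decide(src, secs, now) for now, src, secs in alerts]


# Constructed alert stream; the second source is "spoofed" as an allowlisted host.
SAMPLE_ALERTS = [
    (0, "203.0.113.7", 3600), (1, "192.0.2.10", 3600), (2, "203.0.113.8", 60),
    (3, "203.0.113.9", 60), (4, "203.0.113.10", 60), (700, "203.0.113.10", 60),
    (701, "not-an-ip", 60),
]

if __name__ == "__main__":
    for alert, result in zip(SAMPLE_ALERTS, replay(SAMPLE_ALERTS)):
        print(alert, "->", result)
```

The ceiling fails open by design: once it is reached, further alerts still need a human or a separate alerting path, since they no longer produce blocks.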
