This is a good list but you missed one:
forged response to the attacker - Dragon has/had (I haven't checked to see if it
is in the newest release) the ability to respond to things like scanning and
Nmap OS detection packets with spoofed data that would suggest a different OS
or ports being open/closed when they are not in reality. This is very cool, IMHO,
as it doesn't kill the connection, it just injects some false information into
the data flow that will make the attacker's job more difficult.
All opinions are my own and in no way reflect the views of my employer.
Toby
> -----Original Message-----
> From: marca369@student.liu.se [mailto:marca369@student.liu.se]
> Sent: Friday, November 15, 2002 5:06 AM
> To: focus-ids@securityfocus.com
> Subject: IDS responses
>
> Hi all!
Received on Fri Nov 22 19:13:06 2002