Hosting Provided By

RE: Active response... some thoughts.

From: Brian Laing <Brian.Laing(at)blade-software.com>
Date: Fri Jan 31 2003 - 14:56:17 EST

Keep in mind its not just the sensor, its also the network. If the sensors is on the perimeter and the target is a decent way into the network normal network delay would with a high degree of probability prevent the reset getting there in time

Blade Software Nominated In The 8th ANNUAL SC AWARDS click on http://www.scmagazine.com/awards to vote

Brian Laing
CTO
Blade Software
Cellphone: +1 650.280.2389
Telephone: +1 650 367.9376
eFax: +1 208.575.1374
Blade Software - Because Real Attacks Hurt http://www.Blade-Software.com

-----Original Message-----
From: mb_lima [mailto:mb_lima@uol.com.br] Sent: Friday, January 31, 2003 8:35 AM
To: b_paul_palmer@yahoo.com
Cc: focus-ids@securityfocus.com
Subject: Re: Active response... some thoughts.

Hi Paul,

It is perfect your explanation, but an attacker can create ways to keep a sensor busy enough so that "if the sensor is fast enough" is not true. But I agree with you. TCP RST works fine for me. Best Regards,

Marcelo

> Actually, TCP RST is more than just a marketing

---
UOL, o melhor da Internet
http://www.uol.com.br/

Received on Mon Feb 3 10:57:57 2003

This message: [ Message body ]
Next message: Chris Travers: "Re: Active response... some thoughts."
Previous message: Talisker: "Re: Gig TAPs"
In reply to mb_lima: "Re: Active response... some thoughts."
Next in thread: Ali Saifullah Khan: "Re: Active response... some thoughts."
Reply: fr0ck9: "Re: Active response... some thoughts."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:08 EDT

Do you need help?