Re: OT: An Idea for an IDS
On Tue, 01 Jul 2003 at 15:13:00 -0400, Matt Zimmerman wrote:
> On Tue, Jul 01, 2003 at 05:57:27PM +0200, Tomasz Papszun wrote:
>
> > On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote:
> > > Not really a good idea. Consider what happens when someone forges the IP
> > > addresses.
> >
> > One can predefine trusted or other very important IP addresses which
> > cannot be blocked.
> > In fact, such an utility exists and is present in Debian Woody:
> > fwlogwatch.
>
> Which ones are important? For example, one could forge packets from
Everyone must decide it for himself :-) .
> millions of random IP addresses, popular web sites, etc. and easily DoS such
> a system.
Sure, I am aware of cons of similar technique and I know that it's
_very_ far from perfectness. I wrote the previous message only because
someone wondered about creating similar utility, so I pointed to one of
already existing one :-) .
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
tomek@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.
Reply to: