Re: OT: An Idea for an IDS

To: debian-security@lists.debian.org
Subject: Re: OT: An Idea for an IDS
From: Matt Zimmerman <mdz@debian.org>
Date: Tue, 1 Jul 2003 15:13:00 -0400
Message-id: <[🔎] 20030701191300.GD13065@alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20030701155727.GB20456@lodz.tpsa.pl>
References: <20030630223833.GA25418@zionlth.org> <[🔎] 20030701023915.GE1090@alcor.net> <[🔎] 20030701155727.GB20456@lodz.tpsa.pl>

On Tue, Jul 01, 2003 at 05:57:27PM +0200, Tomasz Papszun wrote:

> On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote:
> > Not really a good idea.  Consider what happens when someone forges the IP
> > addresses.
> 
> One can predefine trusted or other very important IP addresses which
> cannot be blocked.
> In fact, such an utility exists and is present in Debian Woody:
> fwlogwatch.

Which ones are important?  For example, one could forge packets from
millions of random IP addresses, popular web sites, etc. and easily DoS such
a system.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: OT: An Idea for an IDS
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>

References:
- Re: OT: An Idea for an IDS
  - From: Matt Zimmerman <mdz@debian.org>
- Re: OT: An Idea for an IDS
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>

Prev by Date: Re: Why is proftpd always started when one update it?
Next by Date: xfree86 4.2.1-9, cve CAN-2003-0063 and CAN-2003-0071
Previous by thread: Re: OT: An Idea for an IDS
Next by thread: Re: OT: An Idea for an IDS
Index(es):
- Date
- Thread