Re: OT: An Idea for an IDS

To: debian-security@lists.debian.org
Subject: Re: OT: An Idea for an IDS
From: Tomasz Papszun <tomek@lodz.tpsa.pl>
Date: Wed, 2 Jul 2003 13:15:15 +0200
Message-id: <[🔎] 20030702111515.GC15336@lodz.tpsa.pl>
In-reply-to: <[🔎] 20030701191300.GD13065@alcor.net>
References: <20030630223833.GA25418@zionlth.org> <[🔎] 20030701023915.GE1090@alcor.net> <[🔎] 20030701155727.GB20456@lodz.tpsa.pl> <[🔎] 20030701191300.GD13065@alcor.net>

On Tue, 01 Jul 2003 at 15:13:00 -0400, Matt Zimmerman wrote:
> On Tue, Jul 01, 2003 at 05:57:27PM +0200, Tomasz Papszun wrote:
> 
> > On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote:
> > > Not really a good idea.  Consider what happens when someone forges the IP
> > > addresses.
> > 
> > One can predefine trusted or other very important IP addresses which
> > cannot be blocked.
> > In fact, such an utility exists and is present in Debian Woody:
> > fwlogwatch.
> 
> Which ones are important?  For example, one could forge packets from

Everyone must decide it for himself :-) .

> millions of random IP addresses, popular web sites, etc. and easily DoS such
> a system.

Sure, I am aware of cons of similar technique and I know that it's
_very_ far from perfectness. I wrote the previous message only because
someone wondered about creating similar utility, so I pointed to one of
already existing one :-) .

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@lodz.tpsa.pl   http://www.lodz.tpsa.pl/   | ones and zeros.

Reply to:

References:
- Re: OT: An Idea for an IDS
  - From: Matt Zimmerman <mdz@debian.org>
- Re: OT: An Idea for an IDS
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>
- Re: OT: An Idea for an IDS
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: xfree86 4.2.1-9, cve CAN-2003-0063 and CAN-2003-0071
Next by Date: Re: Strongest linux - kernel patches
Previous by thread: Re: OT: An Idea for an IDS
Next by thread: Re: OT: An Idea for an IDS
Index(es):
- Date
- Thread