List: snort-devel
Subject: Re: [Snort-devel] IDS vs IPS
From: Jeff Nathan <jeff () snort ! org>
Date: 2003-08-31 0:16:00

I chopped a lot of the traffic from this thread purposely as the
responses were getting a bit lengthy. :)

Frank, I've looked at your feature matrix and I'd wanted to add a
couple of extra criteria. Namely, stream reassembly and full IP
defragmentation. Typically, a firewall only needs to defragment enough
of an IP packet to get the network and transport header. Also, even a
sophisticated firewall doesn't need to perform stream reassembly. Most
often, a sophisticated firewall would watch the sequence numbers and
acknowledgment numbers passed back and forth to make sure it was
enforcing TCP states fully (i.e., making sure a given TCP segment falls
within the window of acceptable sequence numbers).

I think many people would be surprised to learn how few products
operate at even this level of sophistication. Before we take the
plunge into giving firewall vendors too much credit, we should
paraphrase Dennis Miller: comparing a firewall to a NIDS is like
showing an ancient people the movie Ice Age; much like the ancient
people would be shocked at a vision of the future, the firewall is
strikingly non-evolved when compared to NIDS.

-Jeff
--
Top security experts. Cutting edge tools, techniques and information.
Tokyo, Japan November, 2003 http://www.pacsec.jp
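
The two levels of inspection contrasted in the message above, sketched as an added example (not part of the original message and not Snort's code): a firewall-style sequence-window check next to NIDS-style reassembly, on a constructed flow where a pattern spans two segments. All names, the 64-byte window and the sample payloads are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WND 64u  /* assumed receive window for this constructed flow */
struct seg { uint32_t seq; const char *data; };

/* Constructed sample: next expected seq is 8 bytes below 32-bit wraparound. */
static const uint32_t RCV_NXT = 0xFFFFFFF8u;
static const struct seg FLOW[3] = {
    { 0x00000001u, "ATURE tail" },  /* second half, arrives first */
    { 0xFFFFFFF8u, "head SIGN" },   /* first half, 9 bytes, spans the wrap */
    { 0x10000000u, "stale" },       /* far outside the window */
};

/* Firewall-level check: seq inside [rcv_nxt, rcv_nxt + wnd)? Unsigned
 * subtraction keeps the comparison correct across wraparound. */
static int seq_in_window(uint32_t seq, uint32_t rcv_nxt, uint32_t wnd) {
    return (uint32_t)(seq - rcv_nxt) < wnd;
}

/* Matching without reassembly: segments whose own payload contains pat. */
static int per_segment_hits(const struct seg *s, size_t n, const char *pat) {
    int hits = 0;
    for (size_t i = 0; i < n; i++) hits += strstr(s[i].data, pat) != NULL;
    return hits;
}

/* NIDS-level: copy each in-window segment to its stream offset, then search
 * the reassembled bytes. *dropped counts segments rejected by the window. */
static int stream_hit(const struct seg *s, size_t n, uint32_t rcv_nxt,
                      const char *pat, int *dropped) {
    char buf[WND + 1];
    memset(buf, ' ', WND);  /* unfilled gaps stay as spaces */
    buf[WND] = '\0';
    *dropped = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t off = s[i].seq - rcv_nxt;
        size_t len = strlen(s[i].data);
        if (!seq_in_window(s[i].seq, rcv_nxt, WND) || len > WND - off) { (*dropped)++; continue; }
        memcpy(buf + off, s[i].data, len);
    }
    return strstr(buf, pat) != NULL;
}

int main(void) {
    int dropped, hit = stream_hit(FLOW, 3, RCV_NXT, "SIGNATURE", &dropped);
    printf("per-segment=%d stream=%d dropped=%d\n", per_segment_hits(FLOW, 3, "SIGNATURE"), hit, dropped);
    return 0;
}
```

Both data segments pass the window check, yet the pattern is only visible once the payloads are placed in sequence order, which is the extra work stream reassembly adds over state enforcement.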