Great Circle Associates Firewalls
(April 1995)
 


Subject: Re: anyone seen an S.. attack against a firewall?
From: charisse @ SmallWorks . COM (Charisse Castagnoli)
Date: Mon, 17 Apr 1995 16:57:22 -0500
To: firewalls @ GreatCircle . com, sikpuppy @ maestro . com

>>Wolfgang made some interesting points on using pattern matching software 
>>to detect any suspicious activity and having it trigger some action by 
>>the firewall.

>>While this approach would guard against known types of attack, it would 
>>not be able to detect attacks where the pattern is unknown.

I have to disagree.
We use a sophisticated version of "pattern matching" in our host based
intrusion detection analysis.  The attack is caught regardless of the
method used to commence the attack.  This is because many attacks can
be characterized by their outcomes, which are method independent.  The
trick is being able to trap the outcome early enough in the attack sequence
to prevent harm.  This is key in networks where the attacks themselves
contribute to the harm.

If you want more information on intrusion detection in general, pick up
the extensive bibliography available through info @ haystack . com

charisse

Charisse Castagnoli				Haystack Labs
charisse @ smallworks . com				1+512 918 3555(voice) 
						10713 RR 620 N. #521
						Austin Tx. 78726
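
Added example, not part of the original message and not Haystack Labs' code: a sketch of the contrast drawn in the message, running a method-based signature check and an outcome-based check over the same constructed audit records. The record fields, the setuid allowlist and the KNOWN-PATTERN-A placeholder are assumptions made for illustration.

```python
import re

# Assumed allowlist: setuid-root programs an ordinary user may legitimately run.
AUTHORIZED_SETUID = {"/usr/bin/passwd", "/usr/bin/su"}

# Method-based detection: one signature per known attack (placeholder pattern).
KNOWN_SIGNATURES = [re.compile(r"KNOWN-PATTERN-A")]

# Constructed audit records. auid = uid the user logged in with,
# euid = effective uid of the process when the record was written.
AUDIT_LOG = [
    # ordinary user shell
    {"pid": 200, "auid": 1001, "euid": 1001, "exe": "/bin/sh", "argv": "sh"},
    # legitimate privilege transition through an allowlisted program
    {"pid": 201, "auid": 1001, "euid": 0, "exe": "/usr/bin/passwd", "argv": "passwd"},
    # root shell obtained by a method the signature set already knows
    {"pid": 202, "auid": 1001, "euid": 0, "exe": "/bin/sh", "argv": "sh -c KNOWN-PATTERN-A"},
    # same outcome reached by a method no signature describes
    {"pid": 203, "auid": 1001, "euid": 0, "exe": "/bin/sh", "argv": "sh"},
    # administrator who logged in as root
    {"pid": 204, "auid": 0, "euid": 0, "exe": "/bin/sh", "argv": "sh"},
]


def signature_alerts(log):
    """Flag records whose command line matches a known attack pattern."""
    return [r["pid"] for r in log
            if any(sig.search(r["argv"]) for sig in KNOWN_SIGNATURES)]


def outcome_alerts(log):
    """Flag the outcome itself: a non-root login holding euid 0 in a
    program that is not an authorized setuid transition."""
    return [r["pid"] for r in log
            if r["auid"] != 0
            and r["euid"] == 0
            and r["exe"] not in AUTHORIZED_SETUID]


if __name__ == "__main__":
    print("signature-based:", signature_alerts(AUDIT_LOG))
    print("outcome-based:  ", outcome_alerts(AUDIT_LOG))
```

The outcome rule flags both root shells while the signature rule flags only the one whose method it already knows, and neither flags the allowlisted passwd run or the administrator's own shell.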
