
RE: [FW1] IDS & Automated Response



I would prefer that you do not port it to Perl. As much as I love Perl, I don't allow it on my firewall. Call me paranoid, but I'd rather make an intruder have to do a little more work before getting to use my box for their fun.
Title: [FW1] IDS & Automated Response


As many of you probably read, Lance Spitzner released a new version of
his alert.sh yesterday, and included a copy of my enhanced version of
the script in the examples directory.  I'm planning on making a number
of further enhancements to the reporting (including snmp trap
support) as well as providing even more control over automated
response.

Now, this enhanced script isn't for everyone.  I'm working on the
documentation right now so that it isn't as confusing, but there is
still the very good chance of someone misconfiguring it in a way
which leaves you open to a denial of service attack.  If you don't
already understand why automated response systems can cause a DoS then
this script definitely isn't for you.

However, if you find this sort of thing interesting or potentially
useful in your environment as a free alternative to more expensive
products such as ISS, please contact me.  Right now I'm looking for
ideas to make the script better, as well as making decisions regarding
the script itself (like should it stay a shell script or should I port
it to Perl).  I'd appreciate anyone's input in this matter.

Thanks.

--
Aaron Turner        aturner@vicinity.com  650.237.0300 x252
Security Engineer                         Vicinity Corp.       
Cell: 408-314-9874                        http://www.vicinity.com
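The denial-of-service risk mentioned above is worth making concrete. An attacker who knows a firewall blocks whatever source address it logs as hostile only has to forge packets from an address you depend on (your DNS server, a partner's VPN gateway, the management station) and your own script cuts you off. The following shell script is an added example, not alert.sh and not the enhanced version discussed in this thread, showing the two safeguards such a script needs: a never-block list, and a per-source hit threshold so that one logged packet cannot trigger a response. The addresses, the sample log lines and their layout are all constructed for the example, and the script prints its decision instead of issuing the firewall's blocking command, so it runs anywhere.

```shell
#!/bin/sh
# Added example: automated-response decision logic with anti-DoS safeguards.
# Not alert.sh or the enhanced script from the thread; all addresses and the
# log-line layout below are constructed and may differ from a real FW-1 log.
#
# Failure mode guarded against: an attacker spoofs a source address you rely
# on, the firewall logs drops from it, and an unguarded script blocks it.
# Safeguards: (1) a never-block list; (2) a minimum hit count per source.

# Addresses that must never be blocked, whatever the log says (constructed).
NEVER_BLOCK="10.0.0.1 10.0.0.53 192.168.1.254"

# Minimum number of logged drops from one source before responding.
THRESHOLD=5

# decide_response SRC_IP HIT_COUNT
# Prints the action: NEVER-BLOCK, BELOW-THRESHOLD, or BLOCK.
decide_response() {
    src=$1
    hits=$2
    for safe in $NEVER_BLOCK; do
        if [ "$src" = "$safe" ]; then
            echo "NEVER-BLOCK"
            return 0
        fi
    done
    if [ "$hits" -lt "$THRESHOLD" ]; then
        echo "BELOW-THRESHOLD"
        return 0
    fi
    echo "BLOCK"
}

# extract_src LOG_LINE
# Pulls the address following the "src" keyword out of one log line.
extract_src() {
    printf '%s\n' "$1" | sed -n 's/.* src \([0-9][0-9.]*\) .*/\1/p'
}

# process_alerts < log_lines
# Tallies drops per source address, then prints "SRC COUNT ACTION" per source.
process_alerts() {
    counts=$(while IFS= read -r line; do
                 src=$(extract_src "$line")
                 if [ -n "$src" ]; then
                     printf '%s\n' "$src"
                 fi
             done | sort | uniq -c)
    printf '%s\n' "$counts" | while read -r n src; do
        [ -n "$src" ] || continue
        printf '%s %s %s\n' "$src" "$n" "$(decide_response "$src" "$n")"
    done
}

# Constructed sample log: a real port scanner (172.16.9.9), a burst of packets
# forged to look like the DNS server (10.0.0.53), and a one-off drop (192.0.2.7).
SAMPLE_LOG='12Jun1999 09:00:01 drop fw1 >le0 src 172.16.9.9 dst 10.0.0.80 proto tcp s_port 40001 service 23
12Jun1999 09:00:01 drop fw1 >le0 src 172.16.9.9 dst 10.0.0.80 proto tcp s_port 40002 service 25
12Jun1999 09:00:02 drop fw1 >le0 src 172.16.9.9 dst 10.0.0.80 proto tcp s_port 40003 service 53
12Jun1999 09:00:02 drop fw1 >le0 src 172.16.9.9 dst 10.0.0.80 proto tcp s_port 40004 service 110
12Jun1999 09:00:03 drop fw1 >le0 src 172.16.9.9 dst 10.0.0.80 proto tcp s_port 40005 service 143
12Jun1999 09:00:04 drop fw1 >le0 src 10.0.0.53 dst 10.0.0.80 proto tcp s_port 40006 service 23
12Jun1999 09:00:04 drop fw1 >le0 src 10.0.0.53 dst 10.0.0.80 proto tcp s_port 40007 service 25
12Jun1999 09:00:05 drop fw1 >le0 src 10.0.0.53 dst 10.0.0.80 proto tcp s_port 40008 service 53
12Jun1999 09:00:05 drop fw1 >le0 src 10.0.0.53 dst 10.0.0.80 proto tcp s_port 40009 service 110
12Jun1999 09:00:05 drop fw1 >le0 src 10.0.0.53 dst 10.0.0.80 proto tcp s_port 40010 service 143
12Jun1999 09:00:06 drop fw1 >le0 src 192.0.2.7 dst 10.0.0.80 proto udp s_port 1234 service 161'

# Demo run: only the scanner earns a BLOCK; the spoofed DNS server is protected
# by the never-block list and the single drop stays below the threshold.
printf '%s\n' "$SAMPLE_LOG" | process_alerts
```

In a real deployment the BLOCK branch would call the firewall's own blocking facility (on FW-1, the Suspicious Activity Monitoring interface) with an expiry time, so that even a correct block does not become permanent; the never-block list belongs in a root-owned file read at startup, and the threshold should be tuned against the site's normal drop rate before automated response is enabled.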




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================