[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IDS: Active Countermeasures

To: Trent <trent@crystalwind.com>, ids@uow.edu.au
Subject: Re: IDS: Active Countermeasures
From: Robert Graham <robert_david_graham@yahoo.com>
Date: Fri, 7 May 1999 10:54:50 -0700 (PDT)
Sender: owner-ids@uow.edu.au

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicted mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------

--- Trent <trent@crystalwind.com> wrote:
> Does anyone have suggestions for taking a somewhat more active approach to
> discouraging intruders?

Here are some "active" approaches:

1. attack the intruders
This is a BAD idea. It is simple to "spoof" the attacking address, which ultimately results in
attracking intruders who lure your site into attacking other sites, causing all sorts of legal
hassles for you.

2. put warning banners
On telent, SMTP, FTP, HTTP, etc., you should put up a banner saying "This site is monitored,
unauthorized access is forbidden and will be prosecuted".

Rob.

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Follow-Ups:
- Re: IDS: Active Countermeasures
  - From: CyberPsychotic <mlists@gizmo.kyrnet.kg>

Prev by Date: Re: IDS: Active Countermeasures
Next by Date: IDS: Real-world experience
Prev by thread: Re: IDS: Active Countermeasures
Next by thread: Re: IDS: Active Countermeasures
Index(es):
- Date
- Thread