Re: DARPA, NAI, and Munchkins

Kragen Sitaker (kragen@pobox.com)
Sun, 20 Dec 1998 10:33:34 -0500 (EST)


On Sun, 20 Dec 1998, Keith Dawson wrote:
> The active security concept involves having different components of
> security technology work together, she explained. For instance, if an
> intrusion detection system notices a security breach, it could send a
> message to the firewall which could then shut down the gateway, log the
> event and notify the console operator, Benzel said.

There are systems that do this already. They open a host of new
security problems on today's Internet -- it is usually possible to fool
the IDS into (a) detection of fake intrusions and (b) not detecting
real intrusions. (a) can result in denial of service to legitimate
users and services; many security mechanisms in use today can be made
to break down under these circumstances.

There's a paper on insertion and evasion attacks (which explains (b))
that was posted to BUGTRAQ some months ago. (a) can be as simple as
spoofing packets.

Not that I've *done* any of this, mind you.

-- 
<kragen@pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
"Why are you withholding me?" -- name withheld  "Oh... And dig this:  I
am a fish.  'Nuff said." -- Joe Blaylock (no further explanation)
These are the denizens of the CLUG mailing list.  Their five-year mission: