[Discussion] Distributed Blocking

• Previous message (by thread): [Discussion] OSSIM and Sig Reliability
• Next message (by thread): [Discussion] Distributed Blocking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kevin Ross wrote:

For active response the ability to specify agentless blocking devices.
i.e set up a pix/asa/iptables/pf firewall and say ssh into the device
from the master sensor, go into the correct configuration mode and then
enter in the appropriate command i.e ssh pix at firewall; enters the
password; en; enters the password; conf t; shun ip or acl. Then after a
set time remove the block. Also if it is an IPS the ability to say act
inline but also have active response such as dropping the attack and
blocking the ip or an attack is detected once drop it, if the same host
attacks again block it completely,


--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc

• Previous message (by thread): [Discussion] OSSIM and Sig Reliability
• Next message (by thread): [Discussion] Distributed Blocking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]