TulipTools Internet Business Owners and Online Sellers Community

Full Version: Internet Security: networks, reactive firewalls, fighting DDoS, and more
Quote: What do you think about reactive firewalls, also known as IPS (Intrusion Prevention Systems)?

Reactive security is an idea that keeps popping up. It seems logical. Why not send out a virus to cure a virus, for example? How about having an attacked host somehow stifle the attacker, or tell a firewall to block the noxious packets?

These are very tricky things to do, and the danger is always that an attacker can make you DOS yourself or someone else. As an attacker, I can make you shut down connections by making them appear to misbehave. This is often easier than launching the original attack that the reactive system was designed to suppress. (By the way, this happens a lot in biological immune systems as well. There are a number of diseases that trigger dangerous or fatal immune system responses.)

So I am skeptical about these systems...

Full interview with Internet security pioneer Bill Cheswick: http://www.securityfocus.com/columnists/429/2
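
The self-inflicted DoS described in the quote can be seen on the defender's side by comparing two blocking policies over the same alerts. This is an added example, not part of the original post or the interview; the event fields, the addresses (documentation ranges), the NEVER_BLOCK list and the block budget are all constructed assumptions, as is treating a completed TCP handshake as evidence that the source address is real.

```python
import ipaddress

# Constructed sample alerts: (claimed source IP, handshake_completed).
# A source address in an unauthenticated packet is only a claim.
EVENTS = [
    ("203.0.113.50", True),    # client that really connected and misbehaved
    ("198.51.100.10", False),  # packets claiming to come from our DNS resolver
    ("198.51.100.10", False),
    ("192.0.2.7", False),      # packets claiming to come from a partner gateway
]

# Hypothetical range holding infrastructure we must never cut off.
NEVER_BLOCK = [ipaddress.ip_network("198.51.100.0/28")]


def naive_blocker(events):
    """Reactive policy with no safeguards: block every alerting source."""
    return {src for src, _ in events}


def guarded_blocker(events, never_block=NEVER_BLOCK, max_blocks=2):
    """Block only verified sources, skip protected ranges, cap total blocks."""
    blocked, skipped = set(), []
    for src, verified in events:
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in never_block):
            skipped.append((src, "allowlisted"))
        elif not verified:
            skipped.append((src, "unverified-source"))
        elif src not in blocked and len(blocked) >= max_blocks:
            skipped.append((src, "block-budget-exhausted"))
        else:
            blocked.add(src)
    return blocked, skipped


if __name__ == "__main__":
    print("naive  :", sorted(naive_blocker(EVENTS)))
    blocked, skipped = guarded_blocker(EVENTS)
    print("guarded:", sorted(blocked))
    for src, reason in skipped:
        print("  left for human review:", src, reason)
```

The naive policy cuts off the resolver and the partner gateway along with the real offender; the guarded policy blocks one address and queues the rest for review.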