[unisog] IPS

Ken Connelly Ken.Connelly at uni.edu
Wed Feb 9 19:25:30 GMT 2005


Hunt,Keith A wrote:

>>2. You could drop sessions associated with those packets.
>>
>>    e.g. Drop an SMTP session if an attempt is made to
>>         transfer malicious content (generally not a good
>>         idea by the way but useful as an example)
>>    
>>
>
>I have been wondering about the implications of dropping an SMTP session
>like this. Could you expound on why you think this is not a good idea?
>  
>
Because if it's a bonafide server, the remote end will just start the 
SMTP session over again in 30 or 60 (or more) minutes.

- ken

>  
>
>>--
>>Gary Flynn
>>Security Engineer
>>James Madison University
>>_______________________________________________
>>    
>>
>
>
>  
>

-- 
- Ken
=================================================================
Ken Connelly Systems and Operations Manager, ITS Network Services
University of Northern Iowa           Cedar Falls, IA  50614-0121
email: Ken.Connelly at uni.edu
phone: (319) 273-5850   fax: (319) 273-7373

It's much more important to know what you don't know than what you do know!





More information about the unisog mailing list